> ## Documentation Index > Fetch the complete documentation index at: https://ahasend.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create API Key > Creates a new API key with the specified scopes ## OpenAPI ````yaml /openapi.yaml POST /v2/accounts/{account_id}/api-keys openapi: 3.1.0 info: title: AhaSend API v2 description: > The AhaSend API v2 allows you to send transactional emails, manage domains, webhooks, routes, API keys, and view statistics. ## Authentication All API requests must be authenticated using a Bearer token in the Authorization header: ``` Authorization: Bearer aha-sk-64-CHARACTER-RANDOM-STRING ``` ## Scopes API keys have specific scopes that control access to different resources and actions: ### Message Scopes - `messages:send:all` - Send messages from any domain in the account - `messages:send:{domain}` - Send messages from a specific domain - `messages:cancel:all` - Cancel messages from any domain - `messages:cancel:{domain}` - Cancel messages from a specific domain - `messages:read:all` - Read messages from any domain - `messages:read:{domain}` - Read messages from a specific domain ### Domain Scopes - `domains:read` - Read all domains - `domains:write` - Create and update domains - `domains:delete:all` - Delete any domain - `domains:delete:{domain}` - Delete a specific domain ### Account Scopes - `accounts:read` - Read account information - `accounts:write` - Update account settings - `accounts:billing` - Access billing information - `accounts:members:read` - Read account members - `accounts:members:add` - Add account members - `accounts:members:update` - Update account members - `accounts:members:remove` - Remove account members ### Webhook Scopes - `webhooks:read:all` - Read all webhooks - `webhooks:read:{domain}` - Read webhooks for a specific domain - `webhooks:write:all` - Create and update webhooks - `webhooks:write:{domain}` - Create and update webhooks for a specific domain - `webhooks:delete:all` - Delete any webhook - `webhooks:delete:{domain}` - Delete webhooks for a specific domain ### Route Scopes - `routes:read:all` - Read all routes - `routes:read:{domain}` - Read routes for a specific domain - `routes:write:all` - Create and update routes - `routes:write:{domain}` - Create and update routes for a specific domain - `routes:delete:all` - Delete any route - `routes:delete:{domain}` - Delete routes for a specific domain ### Suppression Scopes - `suppressions:read` - Read suppressions - `suppressions:write` - Create suppressions - `suppressions:delete` - Delete suppressions - `suppressions:wipe` - Delete all suppressions (dangerous) ### SMTP Credentials Scopes - `smtp-credentials:read:all` - Read all SMTP credentials - `smtp-credentials:read:{domain}` - Read SMTP credentials for a specific domain - `smtp-credentials:write:all` - Create SMTP credentials - `smtp-credentials:write:{domain}` - Create SMTP credentials for a specific domain - `smtp-credentials:delete:all` - Delete any SMTP credentials - `smtp-credentials:delete:{domain}` - Delete SMTP credentials for a specific domain ### Statistics Scopes - `statistics-transactional:read:all` - Read all transactional statistics - `statistics-transactional:read:{domain}` - Read transactional statistics for a specific domain ### API Key Scopes - `api-keys:read` - Read API keys - `api-keys:write` - Create and update API keys - `api-keys:delete` - Delete API keys ## Rate Limiting - General API endpoints: 100 requests per second, 200 burst - Statistics endpoints: 1 request per second, 1 burst ## Pagination List endpoints use cursor-based pagination with the following parameters: - `limit`: Maximum number of items to return (default: 100, max: 100) - `cursor`: Pagination cursor for the next page ## Time Formats All timestamps must be in RFC3339 format, e.g., `2023-12-25T10:30:00Z` ## Idempotency POST requests support idempotency through the optional `Idempotency-Key` header. When provided: - The same request can be safely retried multiple times - Duplicate requests return the same response with `Idempotent-Replayed: true` - In-progress requests return HTTP 409 with `Idempotent-Replayed: false` - Failed requests return HTTP 412 with `Idempotent-Replayed: false` - Reusing a key with a different request payload returns HTTP 422 - Idempotency keys expire after 24 hours version: 2.0.0 contact: email: support@ahasend.com license: name: MIT identifier: MIT servers: - url: https://api.ahasend.com description: Production server security: - BearerAuth: [] tags: - name: Utility description: Utility endpoints for health checks and diagnostics - name: API Keys description: Manage API keys for authentication and access control - name: Domains description: Manage sending domains - name: Messages description: Send and manage transactional messages - name: Accounts description: Manage account settings and members - name: Suppressions description: Manage email suppressions - name: Routes description: Manage inbound email routing - name: Webhooks description: Manage webhook notifications - name: SMTP Credentials description: Manage SMTP authentication credentials - name: Statistics description: Access transactional email statistics - name: Message Events description: Webhooks for outbound message delivery events - name: Suppression Events description: Webhooks for suppression list changes - name: Domain Events description: Webhooks for domain configuration issues - name: Route Events description: Webhooks for inbound email routing paths: /v2/accounts/{account_id}/api-keys: post: tags: - API Keys summary: Create API Key description: Creates a new API key with the specified scopes operationId: createAPIKey parameters: - name: account_id in: path required: true description: Account ID schema: type: string format: uuid - $ref: '#/components/parameters/IdempotencyKey' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateAPIKeyRequest' responses: '201': description: API key created successfully headers: Idempotent-Replayed: $ref: '#/components/headers/IdempotentReplayed' content: application/json: schema: $ref: '#/components/schemas/APIKey' '400': description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': $ref: '#/components/responses/IdempotencyConflict' '412': $ref: '#/components/responses/IdempotencyPreconditionFailed' '422': $ref: '#/components/responses/IdempotencyPayloadMismatch' '500': description: Internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' security: - BearerAuth: - api-keys:write x-code-samples: - lang: go label: AhaSend Go SDK source: | package main import ( "context" "fmt" "log" "github.com/AhaSend/ahasend-go/api" "github.com/AhaSend/ahasend-go/models/requests" "github.com/google/uuid" ) func main() { // Create API client with authentication client := api.NewAPIClient( api.WithAPIKey("aha-sk-your-64-character-key"), ) accountID := uuid.New() // Create context for the API call ctx := context.Background() // Call the ping endpoint response, httpResp, err := client.APIKeysAPI.CreateAPIKey( ctx, accountID, requests.CreateAPIKeyRequest{ Label: "My API Key", Scopes: []string{ "messages:read:all", "domains:read", }, }, ) if err != nil { log.Fatalf("Error creating API key: %v", err) } // Check response if httpResp.StatusCode == 201 { fmt.Printf("✅ Status: %d\n", httpResp.StatusCode) if response != nil { fmt.Printf("Created API key, secret key: %s\n", response.SecretKey) } } else { fmt.Printf("❌ Unexpected status code: %d\n", httpResp.StatusCode) } } components: parameters: IdempotencyKey: name: Idempotency-Key in: header required: false description: > Optional idempotency key for safe request retries. Must be a unique string for each logical request. Requests with the same key will return the same response. Keys expire after 24 hours. schema: type: string maxLength: 255 example: user-12345-create-domain-20240101 schemas: CreateAPIKeyRequest: type: object required: - label - scopes properties: label: type: string maxLength: 255 description: Human-readable label for the API key scopes: type: array items: type: string minItems: 1 description: Array of scope strings to grant to this API key example: label: Production API Key scopes: - messages:send:all - domains:read APIKey: type: object properties: object: type: string enum: - api_key description: Object type identifier id: type: string format: uuid description: Unique identifier for the API key created_at: type: string format: date-time description: When the API key was created updated_at: type: string format: date-time description: When the API key was last updated last_used_at: type: string format: date-time nullable: true description: When the API key was last used (updates every 5-10 minutes) account_id: type: string format: uuid description: Account ID this API key belongs to label: type: string description: Human-readable label for the API key public_key: type: string description: Public portion of the API key secret_key: type: string description: Secret key (only returned on creation) scopes: type: array items: $ref: '#/components/schemas/APIKeyScope' description: Scopes granted to this API key required: - object - id - created_at - updated_at - account_id - label - public_key - scopes ErrorResponse: type: object required: - message properties: message: type: string description: Error description example: message: Error message APIKeyScope: type: object properties: id: type: string format: uuid description: Unique identifier for the scope created_at: type: string format: date-time description: When the scope was created updated_at: type: string format: date-time description: When the scope was last updated api_key_id: type: string format: uuid description: ID of the API key this scope belongs to scope: type: string description: The scope string domain_id: type: string format: uuid nullable: true description: Domain ID for domain-specific scopes required: - id - created_at - updated_at - api_key_id - scope headers: IdempotentReplayed: description: > Indicates whether this response is replayed from a previous identical request. - `true`: Response was replayed from cache (duplicate request) - `false`: Response from original processing or error state schema: type: string enum: - true - false responses: IdempotencyConflict: description: >- Request in progress - a request with this idempotency key is already being processed headers: Idempotent-Replayed: $ref: '#/components/headers/IdempotentReplayed' content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: message: A request with this idempotency key is already in progress IdempotencyPreconditionFailed: description: >- Original request failed - the request with this idempotency key previously failed and cannot be retried headers: Idempotent-Replayed: $ref: '#/components/headers/IdempotentReplayed' content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: message: >- The original request with this idempotency key failed and cannot be retried IdempotencyPayloadMismatch: description: Idempotency key was already used with a different request payload content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' example: message: idempotency key was already used with a different request payload securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: aha-sk-64-CHARACTER-RANDOM-STRING description: API key for authentication ````