Creates a new API key for the authenticated user.

POST 
/apikeys

The response includes the FULL plaintext key value exactly once — subsequent reads return a masked version, so the consumer must capture and store the value immediately.

Request

Responses

200

OK

400

Bad Request

401

Unauthorized - missing or invalid credentials.

403

Forbidden - authenticated but missing required role or policy.