> ## Documentation Index
> Fetch the complete documentation index at: https://developers.lighton.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API key

> Create a new API key for the authenticated user.

**The full key value is returned only once** in the creation response and cannot be retrieved again afterwards.

`expires_at` is required:
- A future datetime expires the key at that time.
- `null` creates a key that never expires.

**Workspace scoping (optional):** include `scopes` — a list of `{workspace_id, permission}` entries — to restrict the key to those workspaces. Each entry's `permission` is one of `viewer`, `editor`, or `owner`, and cannot exceed the role you currently hold on that workspace; a 400 is returned otherwise. Different scopes on the same key can carry different permissions.



## OpenAPI

````yaml /api-reference/api-console.yaml post /api/v3/keys
openapi: 3.1.0
info:
  title: LightOn API
  version: 3.9.0 (v1)
  description: >-
    LightOn gives you an API to search, parse, and ingest documents at scale.
    Build knowledge-retrieval pipelines without managing vector databases or OCR
    models.
servers:
  - url: https://api.lighton.ai
security: []
tags:
  - name: Ask
    description: >-
      Retrieval-augmented generation: search your indexed corpus and generate an
      LLM answer grounded in the retrieved passages. Supports streaming (SSE)
      and synchronous modes.
  - name: Search
    description: >-
      Hybrid vector + text retrieval over your indexed corpus. Returns ranked
      passages with provenance (file, page range, workspace). Optional reranking
      and vision mode.
  - name: Files
    description: Upload, list, fetch, and delete documents indexed in your workspaces.
  - name: Facets
    description: >-
      Organise documents with hierarchical content types and custom attributes
      per file. Start from starter templates or build your own classification
      schema from scratch.
  - name: Tags
    description: >-
      Manage flat, company-wide labels used to scope search and group content
      across workspaces.
  - name: Workspaces
    description: >-
      Create and manage workspaces — the access-controlled containers your
      documents live in.
  - name: Parse
    description: >-
      Convert documents into structured Markdown — PDFs, images, Office files,
      and HTML. Synchronous endpoint capped at 20 MB / 15 pages.
  - name: Extract
    description: >-
      Pull typed fields out of documents using a JSON Schema you provide. Sync
      mode for small documents (≤20 MB / 15 pages); async mode for larger jobs
      (≤100 MB / 1000 pages) with polling on a job ID.
  - name: API Keys
    description: >-
      Provision and revoke API keys used to authenticate against the Console
      API.
  - name: Models
    description: >-
      List, register, update, and delete custom ML models scoped to your
      company.
paths:
  /api/v3/keys:
    post:
      tags:
        - API Keys
      summary: Create API key
      description: >-
        Create a new API key for the authenticated user.


        **The full key value is returned only once** in the creation response
        and cannot be retrieved again afterwards.


        `expires_at` is required:

        - A future datetime expires the key at that time.

        - `null` creates a key that never expires.


        **Workspace scoping (optional):** include `scopes` — a list of
        `{workspace_id, permission}` entries — to restrict the key to those
        workspaces. Each entry's `permission` is one of `viewer`, `editor`, or
        `owner`, and cannot exceed the role you currently hold on that
        workspace; a 400 is returned otherwise. Different scopes on the same key
        can carry different permissions.
      operationId: api_v3_keys_create
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAPIKeyV3Request'
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/CreateAPIKeyV3Request'
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/CreateAPIKeyV3Request'
        required: true
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateAPIKeyV3Response'
          description: >-
            API key created. The `key` field contains the full key value — save
            it now, it will not be shown again.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APIV3ErrorResponse'
              examples:
                QuotaExceeded:
                  value:
                    id: null
                    code: 400
                    error: bad_request
                    detail: >-
                      You have reached the maximum allowed number of api keys.
                      Think about deleting some to create new ones.
                    doc_url: https://developers.lighton.ai/errors#bad_request
                  summary: Quota exceeded
                PermissionCeilingExceeded:
                  value:
                    id: null
                    code: 400
                    error: bad_request
                    detail: >-
                      Cannot grant viewer permission on workspace 42: you only
                      have editor role.
                    doc_url: https://developers.lighton.ai/errors#bad_request
                  summary: Permission ceiling exceeded
          description: >-
            Bad Request — invalid fields, quota exceeded, or permission ceiling
            exceeded.
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APIV3ErrorResponse'
              examples:
                Unauthorized:
                  value:
                    id: null
                    code: 401
                    error: unauthorized
                    detail: >-
                      Authentication credentials were not provided or are
                      invalid.
                    doc_url: https://developers.lighton.ai/errors#unauthorized
          description: Authentication credentials were not provided or are invalid
      security:
        - bearerAuth: []
components:
  schemas:
    CreateAPIKeyV3Request:
      type: object
      description: Reject any request fields not declared on the serializer.
      properties:
        name:
          type: string
          maxLength: 250
        expires_at:
          type:
            - string
            - 'null'
          format: date-time
          description: >-
            Expiration datetime for the API key. Set to a future datetime to
            expire the key at that time, or null to create a key that never
            expires.
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/APIKeyScopeRequest'
          description: >-
            Optional list of `{workspace_id, role}` entries. Providing this
            field marks the key as workspace-scoped: it can only access the
            listed workspaces, with the per-workspace role shown. The requested
            role on each workspace is capped at the role you currently hold
            there.
      required:
        - expires_at
        - name
    CreateAPIKeyV3Response:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        prefix:
          type: string
        created_at:
          type: string
          format: date-time
        expires_at:
          type:
            - string
            - 'null'
          format: date-time
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/APIKeyScope'
          readOnly: true
        key:
          type: string
      required:
        - created_at
        - expires_at
        - id
        - key
        - name
        - prefix
        - scopes
    APIV3ErrorResponse:
      type: object
      properties:
        id:
          type:
            - string
            - 'null'
          description: >-
            Job/resource id when one already exists (useful for async error
            diagnosis); null otherwise.
        code:
          type: integer
          description: HTTP status code
        error:
          type: string
          description: Error code used by the UI as a translation key
        detail:
          type: string
          description: Human-readable error message for developers
        doc_url:
          type: string
          description: Link to the error-code documentation page
      required:
        - code
        - detail
        - doc_url
        - error
        - id
    APIKeyScopeRequest:
      type: object
      description: One entry in the `scopes` list — a workspace + a role on it.
      properties:
        workspace_id:
          type: integer
          minimum: 1
        role:
          $ref: '#/components/schemas/RoleEnum'
      required:
        - role
        - workspace_id
    APIKeyScope:
      type: object
      properties:
        workspace_id:
          type: integer
        workspace_name:
          type: string
        workspace_upload_method:
          type: string
        workspace_datasource_type:
          type:
            - string
            - 'null'
          readOnly: true
        role:
          type: string
      required:
        - role
        - workspace_datasource_type
        - workspace_id
        - workspace_name
        - workspace_upload_method
    RoleEnum:
      enum:
        - viewer
        - editor
        - owner
      type: string
      description: |-
        * `viewer` - viewer
        * `editor` - editor
        * `owner` - owner
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Bearer authentication header of the form `Bearer <token>`, where
        `<token>` is your auth token.

````