# Create API key

> POST /api-keys — create a new API key. The token is returned once.

`POST /api-keys`

Creates a new API key and returns the full `mb_...` token **once**. Only the hash and prefix are stored, so copy the token immediately. An API-key caller must hold `full_access` to create keys.

**Body parameters**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| `name` | string | Yes | A label for the key. Maximum 50 characters. |
| `permission` | full_access | sending_access | No | The access level. `full_access` (default) can create, delete, get, and update any resource; `sending_access` can only send emails. |
| `domain_id` | string | No | Restrict the key to send only from a specific domain — enforced on every send surface (`POST /emails`, batch, campaign sends, and the SMTP relay). Only applies when `permission` is `sending_access`. |

**Node.js**

```js
import { MailBlastr } from 'mailblastr';

const mb = new MailBlastr('mb_xxxxxxxxx');

const { data, error } = await mb.apiKeys.create({
  "name": "Production server",
  "permission": "sending_access"
});
console.log({ data, error });
```

**Ruby**

```ruby
require "mailblastr"

Mailblastr.api_key = "mb_xxxxxxxxx"

Mailblastr::ApiKeys.create({
  "name": "Production server",
  "permission": "sending_access"
})
```

**PHP**

```php
$mailblastr = Mailblastr::client('mb_xxxxxxxxx');

$mailblastr->apiKeys->create([
  'name' => "Production server",
  'permission' => "sending_access"
]);
```

**Python**

```python
import mailblastr

mailblastr.api_key = "mb_xxxxxxxxx"

mailblastr.ApiKeys.create({
  "name": "Production server",
  "permission": "sending_access"
})
```

**Go**

```go
package main

import (
    "fmt"
    "io"
    "net/http"
    "strings"
)

func main() {
    req, _ := http.NewRequest("POST", "https://api.mailblastr.com/api-keys", strings.NewReader(`{
  "name": "Production server",
  "permission": "sending_access"
}`))
    req.Header.Set("Authorization", "Bearer mb_xxxxxxxxx")
    req.Header.Set("Content-Type", "application/json")
    res, _ := http.DefaultClient.Do(req)
    defer res.Body.Close()
    out, _ := io.ReadAll(res.Body)
    fmt.Println(string(out))
}
```

**Rust**

```rust
use reqwest::Client;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let res = Client::new()
        .post("https://api.mailblastr.com/api-keys")
        .header("Authorization", "Bearer mb_xxxxxxxxx")
        .header("Content-Type", "application/json")
        .body(r#"{
  "name": "Production server",
  "permission": "sending_access"
}"#)
        .send()
        .await?;
    println!("{}", res.text().await?);
    Ok(())
}
```

**Java**

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

var client = HttpClient.newHttpClient();
var request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.mailblastr.com/api-keys"))
    .header("Authorization", "Bearer mb_xxxxxxxxx")
    .header("Content-Type", "application/json")
    .method("POST", HttpRequest.BodyPublishers.ofString("""
{
  "name": "Production server",
  "permission": "sending_access"
}
"""))
    .build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
```

**.NET**

```csharp
using System.Net.Http;
using System.Text;

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://api.mailblastr.com/api-keys");
request.Headers.Add("Authorization", "Bearer mb_xxxxxxxxx");
request.Content = new StringContent(@"{
  ""name"": ""Production server"",
  ""permission"": ""sending_access""
}", Encoding.UTF8, "application/json");
var response = await client.SendAsync(request);
Console.WriteLine(await response.Content.ReadAsStringAsync());
```

**cURL**

```bash
curl -X POST 'https://api.mailblastr.com/api-keys' \
  -H 'Authorization: Bearer mb_xxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "Production server",
  "permission": "sending_access"
}'
```

**CLI**

```bash
mailblastr api-keys create \
  --name 'Production server' \
  --permission 'sending_access'
```

### Response

```json
{
  "id": "dacf4072-4119-4d88-932f-6202748ac7c8",
  "object": "api_key",
  "token": "mb_AbC123dEf456GhI789jKl012mNoPqRs",
  "domain_id": null
}
```

> **Warning:** The `token` is shown exactly once. Errors: `missing_required_field` if `name` is absent; `validation_error` if `permission` is not `full_access` or `sending_access`; `invalid_access` if the calling key lacks full access.
