dev.cocore.account.createApiKey

cocore.dev

Documentation

Mint a new cocore API key for the authenticated account. Authenticate with either a console session cookie or an existing `Authorization: Bearer cocore-...` key. The full secret is returned exactly once in `secret` and is never retrievable again — only its SHA-256 hash is stored. Use the returned key to authenticate subsequent automated requests (inference, the record proxy, and these key-management methods themselves).

main procedure

Mint a new cocore API key for the authenticated account. Authenticate with either a console session cookie or an existing `Authorization: Bearer cocore-...` key. The full secret is returned exactly once in `secret` and is never retrievable again — only its SHA-256 hash is stored. Use the returned key to authenticate subsequent automated requests (inference, the record proxy, and these key-management methods themselves).

Input

Encodingapplication/json
expiresAt stringdatetime Optional

Optional RFC3339 expiry. Omit (or send null) for a key that never expires on its own.

name string Required

Human-readable label so the owner can tell their keys apart.

maxLength: 100 bytesminLength: 1 bytes

Output

Encodingapplication/json
secret string Required

The full plaintext key (`cocore-<43 url-safe base64 chars>`). Shown exactly once; store it now.

Errors

AuthRequired No valid session cookie or bearer key was presented.
Try It

Requests are sent directly from your browser. Some servers may block requests due to CORS.

Base URL for XRPC calls (e.g., https://bsky.social)
Enter valid JSON for the request body
View raw schema 
{
  "type": "procedure",
  "input": {
    "schema": {
      "type": "object",
      "required": [
        "name"
      ],
      "properties": {
        "name": {
          "type": "string",
          "maxLength": 100,
          "minLength": 1,
          "description": "Human-readable label so the owner can tell their keys apart."
        },
        "expiresAt": {
          "type": "string",
          "format": "datetime",
          "description": "Optional RFC3339 expiry. Omit (or send null) for a key that never expires on its own."
        }
      }
    },
    "encoding": "application/json"
  },
  "errors": [
    {
      "name": "AuthRequired",
      "description": "No valid session cookie or bearer key was presented."
    }
  ],
  "output": {
    "schema": {
      "type": "object",
      "required": [
        "key",
        "secret"
      ],
      "properties": {
        "key": {
          "ref": "dev.cocore.account.defs#apiKeyView",
          "type": "ref"
        },
        "secret": {
          "type": "string",
          "description": "The full plaintext key (`cocore-<43 url-safe base64 chars>`). Shown exactly once; store it now."
        }
      }
    },
    "encoding": "application/json"
  },
  "description": "Mint a new cocore API key for the authenticated account. Authenticate with either a console session cookie or an existing `Authorization: Bearer cocore-...` key. The full secret is returned exactly once in `secret` and is never retrievable again — only its SHA-256 hash is stored. Use the returned key to authenticate subsequent automated requests (inference, the record proxy, and these key-management methods themselves)."
}

Lexicon Garden

@