Source: https://datafa.st/docs/api/account/website-keys/create
Markdown source: https://datafa.st/docs/api/account/website-keys/create.md
Description: Create a df_ website API key. The raw key is returned once.

# Create website key

`POST https://datafa.st/api/v1/admin/websites/{websiteId}/apikeys`

Create a df_ website API key. The raw key is returned once.

## Request

### Authentication

- `dft_` account token with `api-keys:write`.


### Path parameters

| Parameter | Type | Description |
| --- | --- | --- |
| `websiteId` | string | Website ObjectId used by account tokens to choose which website to query or manage. Website ObjectId. The caller token must have access to this website. |

### Body parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `name` | string | No | Human-readable name for the resource or event. The exact meaning depends on the endpoint. Human-readable API key name. Stored as null when omitted. |

## Response

Returns a JSON object with `status` and endpoint-specific fields.

### Response fields

| Field | Type | Description |
| --- | --- | --- |
| `data[].message` | string | Human-readable confirmation or status message for the operation. |

### Errors

Common errors include `400` for invalid input, `401` for missing or invalid tokens, `403` for missing permissions or website access, `404` for missing resources, and `500` for server errors.

## Code examples

### Example request

```bash
curl -X POST "https://datafa.st/api/v1/admin/websites/{websiteId}/apikeys" \
  -H "Authorization: Bearer dft_xxx" \
  -H "Content-Type: application/json" \
  -d '{"name":"Production key"}'
```

### Success response

```json
{
  "status": "success",
  "data": [{
    "_id": "665f0b3c4d2e1a0012345678",
    "name": "Production key",
    "displayKey": "df_ab12...xyz9",
    "websiteId": "665f0b3c4d2e1a0012345678",
    "key": "df_full_key_shown_once"
  }]
}
```