Skip to main content
POST
/
api_keys
Create a scoped API key
curl --request POST \
  --url https://api.bridge.xyz/v0/api_keys \
  --header 'Api-Key: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "scopes": [
    "customer:read",
    "customer:create"
  ]
}
'
{
  "id": "5f1f5b3a-8c2b-4e5f-9d88-e0b2a7d3a1e8",
  "type": "Private",
  "owner_type": "Developer",
  "owner_id": "e802b3a4-f453-4da8-8a5b-dd50cede1e4f",
  "prefix": "sk-live",
  "last_4": "9f2c",
  "state": "Active",
  "created_at": "2026-04-22T15:04:05Z",
  "updated_at": "2026-04-22T15:04:05Z",
  "scopes": [
    "customer:read",
    "customer:create"
  ],
  "value": "sk-live-0123456789abcdef0123456789ab9f2c"
}

Documentation Index

Fetch the complete documentation index at: https://apidocs.bridge.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Api-Key
string
header
required

Body

application/json

The scopes to grant the new API key. Must be a non-empty array drawn from ApiKeyScope.

scopes
enum<string>[]
required

Scopes to grant the new key. Must be a non-empty array. Each scope must be one you yourself hold (scope subsetting).

Minimum array length: 1

A scope that may be granted to a scoped API key. Unrestricted keys are created via the Dashboard and implicitly hold the standard scopes; they cannot be requested here.

Available options:
api_key:create,
api_key:self:read,
audit_log:read,
card:create,
card:delete,
card:read,
card:update,
crypto_return_policy:create,
crypto_return_policy:delete,
crypto_return_policy:read,
crypto_return_policy:update,
customer:create,
customer:delete,
customer:read,
customer:update,
customer_creation_request:create,
customer_creation_request:read,
developer_fee:create,
developer_fee:read,
developer_fee:update,
developer_trade_configuration:read,
developer_trade_configuration:update,
exchange_rate:read,
external_account:create,
external_account:delete,
external_account:read,
external_account:update,
inquiry:read,
inquiry:resume,
liquidation_address:create,
liquidation_address:drain:read,
liquidation_address:drain:update,
liquidation_address:read,
liquidation_address:update,
prefunded_account:read,
tos_link:create,
tos_link:read,
transfer:create,
transfer:create:privy_custodial_wallet,
transfer:delete,
transfer:read,
transfer:update,
virtual_account:create,
virtual_account:delete,
virtual_account:history:read,
virtual_account:read,
virtual_account:transaction:read,
virtual_account:update,
wallet:create,
wallet:create:privy_custodial_wallet,
wallet:customer:read,
wallet:delete,
wallet:developer:read,
wallet:update,
webhook:create,
webhook:delete,
webhook:read,
webhook:update

Response

The API key was created. value is returned exactly once.

Returned only on key creation. value is the plaintext secret and is shown exactly once.

id
string<uuid>
required

The unique identifier for this API key.

type
enum<string>
required

Whether the key was created programmatically (Private) or via the Dashboard (Public).

Available options:
Public,
Private
owner_type
enum<string>
required

The type of entity that owns the key. Always Developer.

Available options:
Developer
owner_id
string<uuid>
required

The developer ID that owns the key.

prefix
enum<string>
required

The environment prefix of the key. sk-live in production, sk-test in sandbox.

Available options:
sk-live,
sk-test
last_4
string
required

The last four characters of the key, shown alongside the prefix for disambiguation in audit logs.

state
enum<string>
required

Lifecycle state of the key.

Available options:
Active,
Deleted
created_at
string<date-time>
required
updated_at
string<date-time>
required
scopes
string[]
required

The scopes authorized on this key. A single-element list containing bridge:api_unrestricted denotes an unrestricted key (all standard scopes). Any other list denotes a scoped key.

value
string
required

The plaintext secret for this API key. Store it securely — it cannot be retrieved again.

Example:

"sk-live-0123456789abcdef0123456789ab9f2c"