Skip to main content
POST
/
api-keys
Create API key
curl --request POST \
  --url https://xquik.com/api/v1/api-keys \
  --header 'Content-Type: <content-type>' \
  --data '
{
  "name": "<string>"
}
'
import requests

url = "https://xquik.com/api/v1/api-keys"

payload = { "name": "<string>" }
headers = {"Content-Type": "<content-type>"}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {'Content-Type': '<content-type>'},
body: JSON.stringify({name: '<string>'})
};

fetch('https://xquik.com/api/v1/api-keys', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://xquik.com/api/v1/api-keys"

payload := strings.NewReader("{\n \"name\": \"<string>\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Content-Type", "<content-type>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
Free - does not consume credits
Store fullKey immediately and log only id and prefix.
response=$(curl -sS -X POST https://xquik.com/api/v1/api-keys \
  -H "Cookie: session_token=YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production"}')
full_key=$(jq -r '.fullKey' <<<"$response")
key_id=$(jq -r '.id' <<<"$response")
key_prefix=$(jq -r '.prefix' <<<"$response")
# Store $full_key in your secret manager; do not print it in logs.
printf 'Created API key %s (%s)\n' "$key_id" "$key_prefix"
const response = await fetch("https://xquik.com/api/v1/api-keys", {
  method: "POST",
  headers: {
    "Cookie": "session_token=YOUR_SESSION_TOKEN",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({ name: "Production" }),
});
const key = await response.json();
const apiKey = key.fullKey;
// Store apiKey in your secret manager; do not print it in logs.
process.stdout.write(`Created API key ${key.id} (${key.prefix})\n`);
import requests

response = requests.post(
    "https://xquik.com/api/v1/api-keys",
    cookies={"session_token": "YOUR_SESSION_TOKEN"},
    json={"name": "Production"},
)
key = response.json()
api_key = key["fullKey"]
# Store api_key in your secret manager; do not print it in logs.
print(f"Created API key {key['id']} ({key['prefix']})")
package main

import (
  "bytes"
  "encoding/json"
  "fmt"
  "log"
  "net/http"
)

func main() {
  body, err := json.Marshal(map[string]string{"name": "Production"})
  if err != nil {
    log.Fatal(err)
  }

  req, err := http.NewRequest("POST", "https://xquik.com/api/v1/api-keys", bytes.NewReader(body))
  if err != nil {
    log.Fatal(err)
  }
  req.Header.Set("Content-Type", "application/json")
  req.AddCookie(&http.Cookie{Name: "session_token", Value: "YOUR_SESSION_TOKEN"})

  resp, err := http.DefaultClient.Do(req)
  if err != nil {
    log.Fatal(err)
  }
  defer resp.Body.Close()

  var key map[string]string
  if err := json.NewDecoder(resp.Body).Decode(&key); err != nil {
    log.Fatal(err)
  }

  apiKey := key["fullKey"]
  // Store apiKey in your secret manager; do not print it in logs.
  _ = apiKey
  fmt.Printf("Created API key %s (%s)\n", key["id"], key["prefix"])
}

Headers

Dashboard session cookie. Format: session_token=YOUR_SESSION_TOKEN.
x-api-key
string
API key for the same account. Use this instead of Cookie for automated key rotation.
Authorization
string
OAuth bearer token for the same account. Format: Bearer YOUR_TOKEN.
Content-Type
string
required
Must be application/json.

Body

name
string
Display name for the key. Defaults to "Default" if omitted.

Response

id
string
Unique identifier for the API key.
fullKey
string
The complete API key including the xq_ prefix.
prefix
string
First 8 characters of the key including the xq_ prefix (e.g. "xq_a1b2").
name
string
Display name of the key.
createdAt
string
ISO 8601 creation timestamp.
{
  "id": "42",
  "fullKey": "xq_YOUR_KEY_HERE",
  "prefix": "xq_a1b2",
  "name": "Production",
  "createdAt": "2026-02-24T10:30:00.000Z"
}
The fullKey is returned only once. Store it securely. It cannot be retrieved again.
Use a dashboard session cookie to create the first API key. Existing API keys and OAuth bearer tokens can create additional keys for the same account.Related: List API Keys · Revoke API Key
Last modified on May 17, 2026