Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
    • Authentication with the API
      • Overview
        • Overview
        • List
        • Get
        • Create
        • Update
        • Delete
        • ListOperations
        • ListScopes
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • HTTP request
  • Body parameters
  • Response
  • ApiKey
  1. API reference
  2. REST
  3. ApiKey
  4. Create

Identity and Access Management API, REST: ApiKey.Create

Written by
Yandex Cloud
Updated at March 26, 2025
  • HTTP request
  • Body parameters
  • Response
  • ApiKey

Creates an API key for the specified service account.

HTTP requestHTTP request

POST https://iam.api.cloud.yandex.net/iam/v1/apiKeys

Body parametersBody parameters

{
  "serviceAccountId": "string",
  "description": "string",
  "scope": "string",
  "scopes": [
    "string"
  ],
  "expiresAt": "string"
}

Field

Description

serviceAccountId

string

ID of the service account to create an API key for.
To get the service account ID, use a yandex.cloud.iam.v1.ServiceAccountService.List request.
If not specified, it defaults to the subject that made the request.

description

string

Description of the API key.

scopes[]

string

Scopes of the API key.

expiresAt

string (date-time)

API key expiration timestamp, if not specified, then the API key doesn't expire

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

ResponseResponse

HTTP Code: 200 - OK

{
  "apiKey": {
    "id": "string",
    "serviceAccountId": "string",
    "createdAt": "string",
    "description": "string",
    "lastUsedAt": "string",
    "scope": "string",
    "scopes": [
      "string"
    ],
    "expiresAt": "string"
  },
  "secret": "string"
}

Field

Description

apiKey

ApiKey

ApiKey resource.

secret

string

Secret part of the API key. This secret key you may use in the requests for authentication.

ApiKeyApiKey

An ApiKey resource. For more information, see Api-Key.

Field

Description

id

string

ID of the API Key.

serviceAccountId

string

ID of the service account that the API key belongs to.

createdAt

string (date-time)

Creation timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

description

string

Description of the API key. 0-256 characters long.

lastUsedAt

string (date-time)

Timestamp for the last authentication using this API key.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

scopes[]

string

Scopes of the API key. 0-256 characters long.

expiresAt

string (date-time)

API key expiration timestamp.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

Was the article helpful?

Previous
Get
Next
Update
© 2025 Direct Cursus Technology L.L.C.