> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bayse.markets/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API key

> Create a new API key pair for programmatic access

## Authentication

Requires `x-auth-token` and `x-device-id` headers. Obtain these by calling the [login endpoint](/api-reference/user/login) with your Bayse account credentials.

<Note>
  You can also create API keys in the Bayse web app at [app.bayse.markets/settings/api-keys](https://app.bayse.markets/settings/api-keys), or in the web app, via **More** > **Account Settings** > **API Keys** in the **Developer Tool** section. Use this endpoint when you want to create keys programmatically.
</Note>

## Request body

<ParamField body="name" type="string" required>
  A descriptive label for this key (e.g. `"Production"`, `"Trading bot"`). Each API key must have a unique name in your account.
</ParamField>

## Example request

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://relay.bayse.markets/v1/user/me/api-keys \
    -H "x-auth-token: YOUR_AUTH_TOKEN" \
    -H "x-device-id: YOUR_DEVICE_ID" \
    -H "Content-Type: application/json" \
    -d '{"name": "Trading bot"}'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://relay.bayse.markets/v1/user/me/api-keys', {
    method: 'POST',
    headers: {
      'x-auth-token': 'YOUR_AUTH_TOKEN',
      'x-device-id': 'YOUR_DEVICE_ID',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ name: 'Trading bot' }),
  });
  const { publicKey, secretKey } = await response.json();
  ```

  ```python Python theme={null}
  import requests

  resp = requests.post(
      'https://relay.bayse.markets/v1/user/me/api-keys',
      headers={
          'x-auth-token': 'YOUR_AUTH_TOKEN',
          'x-device-id': 'YOUR_DEVICE_ID',
      },
      json={'name': 'Trading bot'},
  )
  data = resp.json()
  ```

  ```go Go theme={null}
  body := strings.NewReader(`{"name":"Trading bot"}`)
  req, _ := http.NewRequest("POST", "https://relay.bayse.markets/v1/user/me/api-keys", body)
  req.Header.Set("x-auth-token", "YOUR_AUTH_TOKEN")
  req.Header.Set("x-device-id", "YOUR_DEVICE_ID")
  req.Header.Set("Content-Type", "application/json")
  resp, _ := http.DefaultClient.Do(req)
  ```
</CodeGroup>

## Response

<ResponseField name="id" type="string">
  Unique identifier for this API key.
</ResponseField>

<ResponseField name="name" type="string">
  The name you provided.
</ResponseField>

<ResponseField name="publicKey" type="string">
  Public key (`pk_*`) — include this in the `X-Public-Key` header on all authenticated requests.
</ResponseField>

<ResponseField name="secretKey" type="string">
  Secret key (`sk_*`) — use this to generate HMAC signatures. **Only returned on creation.**
</ResponseField>

<ResponseField name="signingInstructions" type="object">
  Instructions for generating valid request signatures.

  <Expandable title="signingInstructions fields">
    <ResponseField name="algorithm" type="string">
      Signing algorithm — `"HMAC-SHA256"`.
    </ResponseField>

    <ResponseField name="headers" type="array">
      Headers required for write authentication.
    </ResponseField>

    <ResponseField name="payloadFormat" type="string">
      Format of the value to sign — `"{timestamp}.{method}.{path}.{bodyHash}"`.
    </ResponseField>

    <ResponseField name="timestampWindowSeconds" type="integer">
      Maximum age of a timestamp before the signature is rejected.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="createdAt" type="string">
  ISO 8601 creation timestamp.
</ResponseField>

<ResponseExample>
  ```json 201 Created theme={null}
  {
    "id": "3f7a1b2c-d4e5-6789-abcd-ef0123456789",
    "name": "Trading bot",
    "publicKey": "pk_live_abcdef123456",
    "secretKey": "sk_live_secret789xyz",
    "signingInstructions": {
      "algorithm": "HMAC-SHA256",
      "headers": ["X-Public-Key", "X-Timestamp", "X-Signature"],
      "payloadFormat": "{timestamp}.{method}.{path}.{bodyHash}",
      "timestampWindowSeconds": 300
    },
    "createdAt": "2026-02-17T10:30:00Z"
  }
  ```
</ResponseExample>

<Warning>
  The `secretKey` is only shown once. Store it securely — it cannot be retrieved again. If lost, rotate the key to generate a new one.
</Warning>
