Skip to main content
POST
/
v2
/
accounts
/
{account_id}
/
api-keys
AhaSend Go SDK
package main

import (
  "context"
  "fmt"
  "log"

  "github.com/AhaSend/ahasend-go/api"
  "github.com/AhaSend/ahasend-go/models/requests"
  "github.com/google/uuid"
)

func main() {
  // Create API client with authentication
  client := api.NewAPIClient(
    api.WithAPIKey("aha-sk-your-64-character-key"),
  )

  accountID := uuid.New()

  // Create context for the API call
  ctx := context.Background()

  // Create a new API key
  response, httpResp, err := client.APIKeysAPI.CreateAPIKey(
    ctx,
    accountID,
    requests.CreateAPIKeyRequest{
      Label: "My API Key",
      Scopes: []string{
        "messages:read:all",
        "domains:read",
      },
      // Optional: restrict this key to specific source IPs (CIDR
      // blocks or bare IPv4/IPv6 addresses). Omit or leave empty to
      // allow the key to be used from any IP.
      IPAllowList: []string{"203.0.113.0/24", "198.51.100.7"},
    },
  )
  if err != nil {
    log.Fatalf("Error creating API key: %v", err)
  }

  // Check response
  if httpResp.StatusCode == 201 {
    fmt.Printf("✅ Status: %d\n", httpResp.StatusCode)
    // SecretKey is the one-time secret, returned ONLY on create.
    if response != nil && response.SecretKey != nil {
      // Store this value immediately — it cannot be retrieved again later.
      fmt.Printf("Created API key, secret key: %s\n", *response.SecretKey)
    }
  } else {
    fmt.Printf("❌ Unexpected status code: %d\n", httpResp.StatusCode)
  }
}
{
  "object": "api_key",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z",
  "account_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "label": "<string>",
  "public_key": "<string>",
  "scopes": [
    {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "created_at": "2023-11-07T05:31:56Z",
      "updated_at": "2023-11-07T05:31:56Z",
      "api_key_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "scope": "<string>",
      "domain_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
    }
  ],
  "ip_allow_list": [
    "<string>"
  ],
  "last_used_at": "2023-11-07T05:31:56Z",
  "secret_key": "<string>"
}

Authorizations

Authorization
string
header
required

API key for authentication

Headers

Idempotency-Key
string

Optional idempotency key for safe request retries. Must be a unique string for each logical request. Requests with the same key will return the same response. Keys for non-secret responses expire after 24 hours. API-key create responses include a one-time secret_key, so their encrypted replay responses expire after 5 minutes.

Maximum string length: 255

Path Parameters

account_id
string<uuid>
required

Account ID

Body

application/json
label
string
required

Human-readable label for the API key; must not be empty

Required string length: 1 - 255
scopes
string[]
required

Array of scope strings to grant to this API key

Minimum array length: 1
ip_allow_list
string[]

Optional list of source IPs allowed to authenticate with this key. Each entry is a CIDR block (e.g. 203.0.113.0/24) or a bare IPv4/IPv6 address (stored as a /32 or /128). Entries are canonicalized (host bits are masked) and de-duplicated. The allow-all prefixes 0.0.0.0/0 and ::/0 are rejected, and at most 100 entries are allowed after de-duplication. Omit the field or pass an empty array to leave the key usable from any IP.

Response

API key created successfully

object
enum<string>
required

Object type identifier

Available options:
api_key
id
string<uuid>
required

Unique identifier for the API key

created_at
string<date-time>
required

When the API key was created

updated_at
string<date-time>
required

When the API key was last updated

account_id
string<uuid>
required

Account ID this API key belongs to

label
string
required

Human-readable label for the API key

public_key
string
required

Public portion of the API key

scopes
object[]
required

Scopes granted to this API key

ip_allow_list
string[]
required

Source IPs allowed to authenticate with this API key, as canonical CIDR blocks (a bare address is stored as a /32 for IPv4 or /128 for IPv6). Always present; an empty array means the key may be used from any source IP. When non-empty, an authenticated request whose client IP is not covered by an entry is rejected with HTTP 403 on every v2 endpoint, regardless of the key's scopes.

last_used_at
string<date-time> | null

When the API key was last used (updates every 5-10 minutes)

secret_key
string

Secret key. Only returned when an API key is created, including exact idempotent replays of create requests within the 5-minute secret-bearing replay window. Store it immediately; list, get, update, and delete responses omit it.