API ReferenceManagementAccess Keys
POST
/v1/mgmt/accesskey/create

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

name?string
expireTime?string
roleNames?array<string>
string
keyTenants?array<managementv1.AssociatedTenant>
userId?string
customClaims?object

Custom claims to include in the JWT as key-value pairs. Keys must be strings; values can be strings, numbers, or booleans.

Example{ "claim-name": "claim-value" }
description?string
permittedIps?array<string>
string
customAttributes?object

Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.

Example{ "attribute-key": "attribute-value" }

Create an access key, using a valid management key.

This API endpoint allows administrators to create an access key.

During the creation of the access key, you can set the name, expiration time, roles and tenant:role pairs to associated with the key.

Next Steps

Once you have the access key, you can utilize it to configure external items such as SCIM, or use it to exchange for a JWT.

See also

curl -X POST "https://api.descope.com/v1/mgmt/accesskey/create" \  -H "Content-Type: application/json" \  -d '{}'
{  "cleartext": "string",  "key": {    "id": "string",    "name": "string",    "roleNames": [      "string"    ],    "keyTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string"      }    ],    "status": "string",    "createdTime": 0,    "expireTime": 0,    "createdBy": "string",    "clientId": "string",    "boundUserId": "string",    "customClaims": {      "claim-name": "claim-value"    },    "editable": true,    "description": "string",    "permittedIps": [      "string"    ],    "customAttributes": {      "attribute-key": "attribute-value"    }  }}
export interface Response {cleartext?: stringkey?: {id?: stringname?: stringroleNames?: string[]keyTenants?: AssociatedTenantAK[]status?: stringcreatedTime?: numberexpireTime?: numbercreatedBy?: stringclientId?: stringboundUserId?: string/** * Custom claims to include in the JWT as key-value pairs. Keys must be strings; values can be strings, numbers, or booleans. */customClaims?: {[k: string]: string}editable?: booleandescription?: stringpermittedIps?: string[]/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}}}export interface AssociatedTenantAK {tenantId?: stringroleNames?: string[]tenantName?: string}
Was this helpful?

Search Access Keys POST

### Search access keys, using a valid management key. This API endpoint allows administrators to search for details of existing access keys for a given array of tenants. The response contains an array of details for the access keys returned by the search including associated roles and tenants as well as details of the key's creation, status, and expiration. ### Next Steps Once you have this data, you can utilize the response to [Update an access key](/api/management/access-keys/update-access-key), [Activate an access key](/api/management/access-keys/activate-access-key), [Deactivate an access key](/api/management/access-keys/deactivate-access-key), or [Delete an access key](/api/management/access-keys/delete-access-key). ### See also - See [Access Key Management](/access-keys) for further details on managing access keys.

Update Access Key POST

### Update an existing access key, using a valid management key. This API endpoint allows administrators to update an existing access key. With this endpoint, you can only update the access key's name. ### See also - See [Access Key Management](/access-keys) for further details on managing access keys.