> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runloop.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a restricted API key.

> Create a restricted API key with specific resource scopes. Use a standard API key (ak_) or a restricted key (rk_) with RESOURCE_TYPE_ACCOUNT write scope.



## OpenAPI

````yaml /openapi-specs/stainless-processed-openapi.json post /v1/restricted_keys
openapi: 3.1.0
info:
  title: RunLoop API
  version: '0.1'
  description: >-
    The RunLoop API spec that allows you to host lambda functions and Devboxes
    to enable scaled long running ai workflows.
  contact:
    name: Runloop AI Support
    url: https://runloop.ai
    email: support@runloop.ai
servers:
  - url: https://api.runloop.ai
    description: Runloop API
    variables: {}
security:
  - bearerAuth: []
tags:
  - name: Benchmark
  - name: Blueprint
  - name: Blueprint-Lifecycle
  - name: Blueprint-ObservabilityTools
  - name: Devbox
  - name: Devbox-FileTools
  - name: Devbox-Lifecycle
  - name: Devbox-NetworkTools
  - name: Devbox-ObservabilityTools
  - name: Devbox-PersistenceTools
  - name: Devbox-ShellTools
  - name: Scenario
  - name: ScenarioScorer
  - name: accounts
  - name: agents
  - name: apikeys
  - name: axons
  - name: executions
  - name: gateway-configs
  - name: mcp-configs
  - name: network-policies
  - name: objects
  - name: restricted_keys
  - name: secrets
  - name: streaming
paths:
  /v1/restricted_keys:
    post:
      tags:
        - restricted_keys
      summary: Create a restricted API key.
      description: >-
        Create a restricted API key with specific resource scopes. Use a
        standard API key (ak_) or a restricted key (rk_) with
        RESOURCE_TYPE_ACCOUNT write scope.
      operationId: createRestrictedKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RestrictedKeyCreateParameters'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RestrictedKeyCreatedView'
        '400':
          description: Invalid scopes.
      x-codeSamples:
        - lang: JavaScript
          source: >-
            import Runloop from '@runloop/api-client';


            const client = new Runloop({
              bearerToken: process.env['RUNLOOP_API_KEY'], // This is the default and can be omitted
            });


            const restrictedKeyCreatedView = await
            client.restrictedKeys.create();


            console.log(restrictedKeyCreatedView.id);
        - lang: Python
          source: |-
            import os
            from runloop_api_client import Runloop

            client = Runloop(
                bearer_token=os.environ.get("RUNLOOP_API_KEY"),  # This is the default and can be omitted
            )
            restricted_key_created_view = client.restricted_keys.create()
            print(restricted_key_created_view.id)
components:
  schemas:
    RestrictedKeyCreateParameters:
      type: object
      properties:
        name:
          type: string
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/ScopeEntryView'
        expires_at_ms:
          format: int64
          type:
            - integer
            - 'null'
    RestrictedKeyCreatedView:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        key_secret:
          type: string
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/ScopeEntryView'
        expires_at_ms:
          format: int64
          type:
            - integer
            - 'null'
    ScopeEntryView:
      type: object
      properties:
        resource_type:
          $ref: '#/components/schemas/ApiResourceType'
        access_level:
          $ref: '#/components/schemas/ApiAccessLevel'
    ApiResourceType:
      type: string
      enum:
        - RESOURCE_TYPE_DEVBOXES
        - RESOURCE_TYPE_BLUEPRINTS
        - RESOURCE_TYPE_SNAPSHOTS
        - RESOURCE_TYPE_BENCHMARKS
        - RESOURCE_TYPE_SCENARIOS
        - RESOURCE_TYPE_AGENTS
        - RESOURCE_TYPE_OBJECTS
        - RESOURCE_TYPE_ACCOUNT
    ApiAccessLevel:
      type: string
      enum:
        - ACCESS_LEVEL_NONE
        - ACCESS_LEVEL_READ
        - ACCESS_LEVEL_WRITE
  securitySchemes:
    bearerAuth:
      scheme: bearer
      type: http

````