Skip to main content
POST
/
api
/
v1
/
apikey
Create API Key
curl --request POST \
  --url https://api.example.com/api/v1/apikey \
  --header 'Content-Type: application/json' \
  --data '
{
  "keyName": "<string>",
  "permissions": [
    {}
  ]
}
'
{
  "400": {},
  "401": {},
  "403": {},
  "412": {},
  "500": {},
  "id": "<string>",
  "keyName": "<string>",
  "apiKey": "<string>",
  "permissions": [
    {}
  ],
  "createdDate": {},
  "workspaceId": "<string>"
}
Create a new API key for authenticating requests to Flowise. API keys can be scoped with specific permissions.

Request Body

keyName
string
required
User-defined name for the API key
permissions
array
required
Array of permission strings to grant to this API key. Must be a non-empty array of strings.

Response

id
string
Unique identifier for the created API key
keyName
string
Name of the API key
apiKey
string
The API key value - save this immediately as it won’t be shown again
permissions
array
Array of granted permissions
createdDate
timestamp
When the API key was created
workspaceId
string
ID of the workspace containing this API key

Example Request - Execute Only

curl -X POST \
  'https://your-flowise-instance.com/api/v1/apikey' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "keyName": "Production Execute Key",
    "permissions": [
      "chatflows:execute",
      "agentflows:execute"
    ]
  }'

Example Request - Full Access

curl -X POST \
  'https://your-flowise-instance.com/api/v1/apikey' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "keyName": "Development Full Access",
    "permissions": [
      "chatflows:view",
      "chatflows:create",
      "chatflows:update",
      "chatflows:delete",
      "chatflows:execute",
      "agentflows:view",
      "agentflows:create",
      "agentflows:update",
      "agentflows:delete",
      "agentflows:execute",
      "credentials:view",
      "credentials:create",
      "tools:view",
      "tools:create"
    ]
  }'

Example Response

{
  "id": "key-789",
  "keyName": "Production Execute Key",
  "apiKey": "fsk_1234567890abcdefghijklmnopqrstuvwxyz",
  "permissions": [
    "chatflows:execute",
    "agentflows:execute"
  ],
  "createdDate": "2024-01-20T16:30:00Z",
  "updatedDate": "2024-01-20T16:30:00Z",
  "workspaceId": "workspace-123"
}

Available Permissions

Execution Permissions

  • chatflows:execute - Execute chatflows via API
  • agentflows:execute - Execute agentflows via API

Management Permissions

  • chatflows:view - View chatflow configurations
  • chatflows:create - Create new chatflows
  • chatflows:update - Update existing chatflows
  • chatflows:delete - Delete chatflows
  • agentflows:view - View agentflow configurations
  • agentflows:create - Create new agentflows
  • agentflows:update - Update existing agentflows
  • agentflows:delete - Delete agentflows

Resource Permissions

  • credentials:view / credentials:create / credentials:update / credentials:delete
  • tools:view / tools:create / tools:update / tools:delete
  • documentStores:view / documentStores:create / documentStores:update / documentStores:delete
  • apikeys:view / apikeys:create / apikeys:update / apikeys:delete

Best Practices

Save your API key immediately! The full key is only shown once during creation. After that, it will be masked for security.
  1. Principle of Least Privilege - Grant only the permissions needed
  2. Separate Keys by Use Case - Create different keys for different applications
  3. Rotate Regularly - Delete and recreate keys periodically
  4. Secure Storage - Store keys in environment variables or secret managers
  5. Monitor Usage - Track API key usage for security

Common Permission Sets

Public Execution Key

For embedding chatbots: 
["chatflows:execute", "agentflows:execute"]

Development Key

For testing and development: 
[
  "chatflows:view", "chatflows:create", "chatflows:update", "chatflows:execute",
  "agentflows:view", "agentflows:create", "agentflows:update", "agentflows:execute"
]

Admin Key

For administrative operations: 
[
  "chatflows:view", "chatflows:create", "chatflows:update", "chatflows:delete",
  "agentflows:view", "agentflows:create", "agentflows:update", "agentflows:delete",
  "credentials:view", "credentials:create", "credentials:update", "credentials:delete",
  "tools:view", "tools:create", "tools:update", "tools:delete",
  "apikeys:view", "apikeys:create", "apikeys:update", "apikeys:delete"
]

Error Responses

400
error
Bad Request - Missing keyName or permissions, or permissions not a non-empty array of strings
401
error
Unauthorized - Invalid or missing authentication
403
error
Forbidden - Insufficient permissions to create API keys
412
error
Precondition Failed - Request validation failed
500
error
Internal Server Error - Error creating API key

Build docs developers (and LLMs) love

Get started for freeTalk to us