Generate a new API key. The raw key value is returned exactly once
in the response — store it securely. Tumban only retains the SHA-256
hash.
POST /api/v2/org/api-keys
Request body
Human-readable label for the key. Shown in the dashboard and on
List API keys. Response
Stable identifier (key_<16-hex>). Use it to revoke the key later.
The label you provided (or default).
The raw API key value, prefixed sk_. Returned only here, never
again.
Example
curl -X POST https://api-v2.tumban.com/api/v2/org/api-keys \
-H "Authorization: Bearer <your-token>" \
-H "Content-Type: application/json" \
-d '{"name": "ci-pipeline"}'
201 Created.
{
"key_id": "key_a1b2c3d4e5f6a7b8",
"name": "ci-pipeline",
"key": "sk_4f8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b",
"created_at": "2026-04-29T12:00:00.123456+00:00"
}
The key value is shown only on creation. If you lose it, revoke the
key and create a new one — there is no recovery.
Using the dashboard
Open API Keys
From the sidebar, click API Keys.
Name and create
In the Create New Key tile, enter a label in the Key name
field (placeholder Key name (e.g. production)) and press
Create Key.
Copy the key
The full key appears once in the highlighted box, with the prompt
“New key — copy it now. It won’t be shown again.” Click Copy.
Tumban only stores the SHA-256 hash; if you lose the value you must
revoke and create a new key.
