Mint a new rsk_ API key
Creates a new `rsk_live_*` token. The full token is returned **once** and is never stored in plaintext. - `projects: "all"` requires `org_keys:write` scope or org admin/owner role. - `projects: [...]` requires project membership for all listed project IDs. Canonical endpoint (supersedes deprecated `POST /api/org/api-keys`).
Authorization
rsk_Bearer Rensei API key. Format: rsk_live_<random>. Generated in Settings or via POST /api/org/{orgId}/keys. Used by CLI (af), daemon, and programmatic integrations.
In: header
Path Parameters
Must match the authenticated org.
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
curl -X POST "https://example.com/api/org/string/keys" \ -H "Content-Type: application/json" \ -d '{ "name": "string", "projects": "all" }'{
"key": {
"id": "string",
"orgId": "string",
"name": "string",
"keyPrefix": "string",
"scopes": [
"string"
],
"projectIds": "all",
"createdAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"fullKey": "string"
}
}{
"error": "Session not found"
}{
"error": "Session not found"
}{
"error": "Session not found"
}Issue M2M access token (client_credentials)
OAuth 2.0 `client_credentials` grant. Accepts both `application/x-www-form-urlencoded` and `application/json` bodies. Returns a short-lived `Bearer` access token. M2M clients are provisioned in the admin panel (`POST /api/admin/m2m-clients`).
A2A peer-discovery AgentCard
Fully unauthenticated (public) per the A2A spec. Two modes: - No query param: platform-level AgentCard (`scope='system'` rows). - `?org=<slug>`: per-org AgentCard (`scope='org'` cards with `trust.publish_to_a2a=true`). `Cache-Control: no-store` on all responses.