> ## Documentation Index
> Fetch the complete documentation index at: https://docs.deribit.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.deribit.com/feedback
```json
{
"path": "/api-reference/account-management/private-create_api_key",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# private/create_api_key
> Creates a new API key with the specified scope and permissions. API keys are used for programmatic access to the Deribit API and can be restricted to specific operations and IP addresses.
The response includes both the API key ID and the secret key. Store the secret securely as it will not be displayed again. You can view the API key details (without the secret) using the `list_api_keys` method.
**[TFA required](https://docs.deribit.com/articles/security-keys)**
**📖 Related Articles:**
- [Creating new API key on Deribit](https://docs.deribit.com/articles/creating-api-key)
- [Access Scope](https://docs.deribit.com/articles/access-scope)
**Scope:** `account:read_write`
[Try in API console](https://test.deribit.com/api_console?method=%2Fprivate%2Fcreate_api_key)
## OpenAPI
````yaml /specifications/deribit_openapi.json get /private/create_api_key
openapi: 3.0.0
info:
title: Deribit API
version: 2.1.1
servers:
- url: https://test.deribit.com/api/v2
security: []
tags:
- name: WebSocket Only
description: Can only be used over websockets.
- name: Public
description: Public methods can be used without authentication.
- name: Private
description: >-
Private methods require authentication. All requests must include a
valid OAuth2 token.
A token can be requested using the /public/auth method.
When using the websockets protocol, the token must be included as a
parameter access_token in the message. When using REST (HTTP
GET), the token may also be passed in the Authorization
header.
- name: Authentication
- name: Session Management
- name: Subscription Management
description: >-
Subscription works as [notifications](#notifications), so users will
automatically (after subscribing) receive messages from the server.
Overview for each channel response format is described in
[subscriptions](#subscriptions) section.
- name: Account Management
- name: Trading
- name: Market Data
- name: Wallet
- name: Chat
paths:
/private/create_api_key:
get:
tags:
- Account Management
- Private
description: >+
Creates a new API key with the specified scope and permissions. API keys
are used for programmatic access to the Deribit API and can be
restricted to specific operations and IP addresses.
The response includes both the API key ID and the secret key. Store the
secret securely as it will not be displayed again. You can view the API
key details (without the secret) using the `list_api_keys` method.
**[TFA required](https://docs.deribit.com/articles/security-keys)**
**📖 Related Articles:**
- [Creating new API key on
Deribit](https://docs.deribit.com/articles/creating-api-key)
- [Access Scope](https://docs.deribit.com/articles/access-scope)
**Scope:** `account:read_write`
[Try in API
console](https://test.deribit.com/api_console?method=%2Fprivate%2Fcreate_api_key)
parameters:
- name: max_scope
in: query
required: true
schema:
$ref: '#/components/schemas/max_scope'
description: >
Describes maximal access for tokens generated with given key. If
scope is not provided, its value is set as none.
**📖 Related Article:** [Access
Scope](https://docs.deribit.com/articles/access-scope)
- name: name
in: query
schema:
type: string
example: TestName
description: >-
Name of key (only letters, numbers and underscores allowed; maximum
length - 16 characters)
required: false
- name: public_key
in: query
required: false
schema:
type: string
example: |-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAM7FWhKquNqLmTOV4hfYT5r3AjrYiORTT6Tn5HIfFNV8=
-----END PUBLIC KEY-----
description: >-
ED25519 or RSA PEM Encoded public key that should be used to create
asymmetric API Key for signing requests/authentication requests with
user's private key.
**📖 Related Article:** [Asymmetric API
keys](https://docs.deribit.com/articles/asymmetric-api-keys)
- name: enabled_features
in: query
required: false
schema:
type: array
items:
type: string
enum:
- restricted_block_trades
- block_trade_approval
description: >-
List of enabled advanced on-key features. Available options:
-
`restricted_block_trades`: Limit the block_trade read the scope of
the API key to block trades that have been made using this specific
API key
- `block_trade_approval`: Block trades created using
this API key require additional user approval. Methods that use
`block_rfq` scope are not affected by Block Trade approval
feature
style: form
explode: true
requestBody:
content:
application/json:
examples:
request:
value:
jsonrpc: '2.0'
id: 8974
method: private/create_api_key
params:
name: Public key 1
max_scope: account:read trade:read block_trade:read_write wallet:none
public_key: >-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAM7FWhKquNqLmTOV4hfYT5r3AjrYiORTT6Tn5HIfFNV8=
-----END PUBLIC KEY-----
description: JSON-RPC Request Example
description: JSON-RPC request body
responses:
'200':
$ref: '#/components/responses/PrivateApiKeyResponse'
components:
schemas:
max_scope:
items:
type: string
example:
- account:read
- trade:read
- block_trade:read_write
- wallet:none
type: array
description: >
Describes maximal access for tokens generated with given key. If scope
is not provided, its value is set as none.
**📖 Related Article:** [Access
Scope](https://docs.deribit.com/articles/access-scope)
PrivateApiKeyResponse:
properties:
jsonrpc:
type: string
enum:
- '2.0'
description: The JSON-RPC version (2.0)
id:
type: integer
description: The id that was sent in the request
result:
$ref: '#/components/schemas/api_key'
required:
- jsonrpc
- result
type: object
api_key:
properties:
id:
$ref: '#/components/schemas/key_id'
timestamp:
$ref: '#/components/schemas/timestamp'
client_id:
$ref: '#/components/schemas/client_id'
client_secret:
$ref: '#/components/schemas/client_secret'
public_key:
$ref: '#/components/schemas/public_key'
max_scope:
$ref: '#/components/schemas/max_scope'
enabled:
$ref: '#/components/schemas/api_key_enabled'
default:
$ref: '#/components/schemas/api_key_default'
name:
$ref: '#/components/schemas/api_key_name'
enabled_features:
$ref: '#/components/schemas/api_key_features'
ip_whitelist:
type: array
description: List of IP addresses whitelisted for a selected key
required:
- id
- timestamp
- client_id
- client_secret
- max_scope
- default
type: object
key_id:
example: 1
type: integer
description: Key identifier
timestamp:
example: 1536569522277
type: integer
description: The timestamp (milliseconds since the Unix epoch)
client_id:
example: IY2D68DS
type: string
description: Client identifier used for authentication
client_secret:
example: P9Z_c73KaBPwpoTVfsXzehAhjhdJn5kM7Zlz_hhDhE8
type: string
description: Client secret or MD5 fingerprint of public key used for authentication
public_key:
example: >-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEApajFN0CSwIaaiIRPiFbiYYvpsLQLSccSLLsKPe984sc= -----END
PUBLIC KEY-----
type: string
description: >-
PEM encoded public key (Ed25519/RSA) used for asymmetric signatures
(optional)
api_key_enabled:
example: true
type: boolean
description: Informs whether api key is enabled and can be used for authentication
api_key_default:
example: false
type: boolean
description: >-
Informs whether this api key is default (field is deprecated and will be
removed in the future)
api_key_name:
example: TestName
type: string
description: Api key name that can be displayed in transaction log
api_key_features:
items:
type: string
type: array
description: >-
List of enabled advanced on-key features.
Available
options:
- restricted_block_trades: Limit the
block_trade read the scope of the API key to block trades that have been
made using this specific API key
- block_trade_approval:
Block trades created using this API key require additional user
approval. Methods that use block_rfq scope are not affected
by Block Trade approval feature
responses:
PrivateApiKeyResponse:
content:
application/json:
schema:
$ref: '#/components/schemas/PrivateApiKeyResponse'
examples:
response:
value:
jsonrpc: '2.0'
id: 2453
result:
timestamp: 1560242482758
max_scope: >-
account:read_write block_trade:read trade:read_write
wallet:read_write
id: 3
enabled: true
default: false
client_secret: B6RsF9rrLY5ezEGBQkyLlV-UC7whyPJ34BMA-kKYpes
client_id: 1sXMQBhM
name: NewKeyName
description: Response example
description: Success response
````