Issue a new API key for the authenticated user. The full secret is returned only once—store it securely.
API key management endpoints are rate limited to 30 requests per minute per authenticated user.
Friendly display name, shown in the Tremor dashboard.
Supabase user identifier. Populate using the sub claim from your session token.
Optional number of days before the key automatically expires.
Example Response
{
"key_id": "550e8400-e29b-41d4-a716-446655440000",
"key": "tmr_sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0",
"name": "Production API Key",
"user_id": "auth0|61a1b2c3d4e5f6g7h8i9j0",
"created_at": "2025-10-24T15:30:00.000Z",
"expires_at": "2026-10-24T15:30:00.000Z",
"last_used_at": null,
"is_active": true
}
Copy the key field from the response immediately. Tremor stores a hashed prefix and cannot recover the secret later.