Skip to main content
POST
/
v1
/
user
/
api-keys
Create API Key
curl --request POST \
  --url https://api.convallax.com/v1/user/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "production-bot"
}
'
{
  "success": true,
  "key": "mk_live_9f8e7d6c5b4a3f2e1d0c9b8a7...",
  "apiKey": {
    "id": "8f3c2b1a-1d2e-4c3b-9a8f-6e5d4c3b2a1f",
    "name": "production-bot",
    "keyPrefix": "mk_live_9f8e7d6",
    "createdAt": "2026-06-16T18:05:00.000Z",
    "lastUsedAt": null,
    "revokedAt": null
  }
}
Generate a new API key for market-making. Authenticate with your Privy access token.
The plaintext key is returned once in this response and never again. Store it securely the moment you receive it — if you lose it, revoke it and create a new one.
The key works immediately as a maker credential: send it as X-API-Key on the quote-request stream and the REST quote endpoints. All quotes submitted with it are attributed to your account’s makerId.
In Convallax there is no separate market-maker role — any signed-in user can generate a key and begin quoting. Takers do not need a key at all; their authorization is the on-chain fill().

Authorizations

Authorization
string
header
required

Privy access token from the Convallax dashboard, sent as Authorization: Bearer <jwt>.

Body

application/json
name
string

Optional label for the key.

Example:

"production-bot"

Response

Key created (plaintext returned once)

success
boolean
key
string

The plaintext API key. Shown ONCE — store it now.

Example:

"mk_live_9f8e7d6c5b4a3f2e1d0c9b8a7..."

apiKey
object

API key metadata. Never includes the secret.