Skip to main content
POST
/
v1
/
{workspace}
/
ws_public_key
/
Create Workspace Public Key
curl -X POST "https://management-api.suprsend.com/v1/{workspace}/ws_public_key/" \
  --header 'Authorization: ServiceToken <SERVICE_TOKEN>' \
  --header 'Content-Type: application/json' \
  --data '{"name":"web-app","description":"Browser integration"}'

{
  "id": "ws_pubk_exampleId01",
  "api_key": "SS.PUBK.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "name": "web-app",
  "allowed_domains": null,
  "is_secure_mode_enabled": false,
  "is_deleted": false,
  "is_default": false,
  "created_at": "2026-04-21T12:31:18.943398Z",
  "created_by": {
    "name": "System User",
    "email": "org_XXXXXXXXXXXXXXXXXXXXXX@systemuser.suprsend.com"
  },
  "rotated_at": null,
  "rotated_by": null,
  "updated_at": "2026-04-21T12:31:18.943443Z",
  "updated_by": null
}

Authorizations

ServiceToken <token>
string
header
required

You can get Service Token from SuprSend dashboard -> Account Settings -> Service Tokens section.

Path Parameters

workspace
string
required

Workspace slug (e.g. staging, production).

Body

application/json
name
string
required

Label for the public key.

Example:

"web-app"

description
string | null

Optional notes.

Response

Public key created.

Workspace public key used by client SDKs.

id
string

Unique identifier of the public key.

Example:

"ws_pubk_exampleId01"

api_key
string

Public key value exposed to clients.

Example:

"SS.PUBK.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

name
string

Label for the public key.

Example:

"web-app"

allowed_domains
string[] | null

Domains allowed to use this public key.

is_secure_mode_enabled
boolean

Indicates whether secure mode is enabled for this key.

is_deleted
boolean

Indicates whether the public key has been deleted.

is_default
boolean

Indicates whether this is the default public key for the workspace.

created_at
string<date-time>

Timestamp when the public key was created.

created_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

rotated_at
string<date-time> | null

Timestamp when the public key was last rotated.

rotated_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

updated_at
string<date-time>

Timestamp when the public key was last updated.

updated_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).