Skip to main content
POST
/
v2
/
authentication
/
apiKeys
Create API key
curl --request POST \
  --url https://api.snappy.com/public-api/v2/authentication/apiKeys \
  --header 'Content-Type: application/json' \
  --header 'X-Api-Key: <api-key>' \
  --data '
{
  "name": "My API",
  "expirationInDays": 90,
  "enforceMtls": false
}
'
{
  "id": "abc123456",
  "expirationDate": "2022-12-06T09:50:38.536Z",
  "createdAt": "2022-12-06T09:50:38.536Z",
  "enforceMtls": true,
  "name": "My API key",
  "companyId": "abc12345678",
  "apiKey": "abc123456abc123454542343",
  "permissions": [
    "gifts:create"
  ],
  "accountsAccess": {
    "scope": "all-accounts",
    "ids": [
      "<string>"
    ]
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.snappy.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

X-Api-Key
string
header
required

Company Level Authentication

Company level authentication provides access to all resources under your company, including accounts, campaigns, gifts, and recipients.

Getting Your API Key

  1. Create an API Key: Use the POST /v2/authentication/apiKeys endpoint to generate a new API key
  2. Set Expiration: Choose from 30, 60, 90, or 180 days (default: 90 days)
  3. Optional mTLS: Enable mutual TLS for enhanced security
  4. Name Your Key: Provide a descriptive name for easy identification

Using Your API Key

Include your API key in the X-Api-Key header for every request:

X-Api-Key: YOUR_24_CHARACTER_API_KEY

API Key Management

  • Maximum Keys: Up to 3 active API keys per company
  • Rotation: Delete old keys before creating new ones when at the limit
  • Security: Keys are hashed and cannot be retrieved after creation

Enhanced Security (mTLS)

For production environments, enable mutual TLS authentication:

  1. Set enforceMtls: true when creating the API key
  2. Contact support to obtain your client certificates
  3. Use the mTLS endpoint: https://mtls-api.snappy.com/public-api

Headers

Request-Source
enum<string>

Source of the request

Available options:
api_native,
api_zapier,
api_salesforce,
api_ftp,
api_make
Example:

"api_native"

Query Parameters

companyId
string

Company ID

Pattern: ^[A-Za-z0-9]{8,}$
Example:

"12345678"

Body

application/json

Create API key request body.

name
string
required

The name of the API key. The name is used to identify the API key. The name must be unique.

Minimum string length: 1
Example:

"My API"

expirationInDays
number | null
default:90

API key expiration period in days. Valid values: 30, 60, 90, 180, 365. Default: 90 days.

Required range: 0.00069 <= x <= 365
enforceMtls
boolean
default:false

If true, the API key will be enforced to use mTLS. If false, the API key will not be enforced to use mTLS. The default value is false.

Example:

true

permissions
enum<string>[]

The permissions of the API key.

Available options:
gifts:create,
gifts:create:demo,
gifts:update,
gifts:read:unmasked,
gifts:read:masked,
orders:create,
orders:cancel,
orders:read:unmasked,
orders:read:masked,
campaigns:create,
campaigns:update,
campaigns:read,
collections:read,
products:read,
products:read:prices,
recipients:create,
recipients:update,
recipients:read:unmasked,
recipients:read:masked,
recipients:delete,
accounts:create,
accounts:read
accountIds
string[]

Response

Ok

API key object.

id
string
required

The API key id

Example:

"abc123456"

expirationDate
string | null
required

The date the API key will expire. Date Format: YYYY-MM-DDThh:mm:ss.sZ.

Example:

"2022-12-06T09:50:38.536Z"

createdAt
string
required

The date the API key was created. Date Format: YYYY-MM-DDThh:mm:ss.sZ.

Example:

"2022-12-06T09:50:38.536Z"

enforceMtls
boolean
required

If true, the API key will be enforced to use mTLS. If false, the API key will not be enforced to use mTLS.

Example:

true

name
string
required

The name of the API key

Example:

"My API key"

companyId
string

The company id

Example:

"abc12345678"

apiKey
string

The API key

Pattern: ^[a-fA-F0-9]{24}$
Example:

"abc123456abc123454542343"

permissions
enum<string>[]

The permissions of the API key.

Available options:
gifts:create,
gifts:create:demo,
gifts:update,
gifts:read:unmasked,
gifts:read:masked,
orders:create,
orders:cancel,
orders:read:unmasked,
orders:read:masked,
campaigns:create,
campaigns:update,
campaigns:read,
collections:read,
products:read,
products:read:prices,
recipients:create,
recipients:update,
recipients:read:unmasked,
recipients:read:masked,
recipients:delete,
accounts:create,
accounts:read
accountsAccess
object

The accounts access of the API key.

Last modified on April 16, 2026