# Create a key

#### Allowed users

{% tabs %}
{% tab title="User" %}
Allowed
{% endtab %}

{% tab title="Master" %}
Not allowed
{% endtab %}

{% tab title="ExtAuth" %}
Allowed
{% endtab %}
{% endtabs %}

#### Required access scope

{% tabs %}
{% tab title="Main" %}
`keymgmt:gen`
{% endtab %}
{% endtabs %}

## Create a new key

<mark style="color:green;">`POST`</mark> `https://my.ence.do/api/keymgmt/create`

Create a new key and save it.

#### Headers

| Name                                            | Type   | Description       |
| ----------------------------------------------- | ------ | ----------------- |
| Authorization<mark style="color:red;">\*</mark> | String | Bearer JWT\_TOKEN |
| Content-Type<mark style="color:red;">\*</mark>  | String | application/json  |

#### Request Body

| Name                                      | Type   | Description                            |
| ----------------------------------------- | ------ | -------------------------------------- |
| `label`<mark style="color:red;">\*</mark> | String | Label of a key                         |
| `mode`                                    | String | Key operation mode (for NIST ECC only) |
| `type`<mark style="color:red;">\*</mark>  | String | Type of key to create                  |
| `descr`                                   | String | Base64 encoded additional description  |

#### Response status code

{% tabs %}
{% tab title="200: Operation successful" %}

```javascript
{
  "kid":"09bd0958e1499ecfd51ea62a3f49a84c"
}
```

{% endtab %}

{% tab title="400: Incorrect argument(s)" %}

{% endtab %}

{% tab title="401: Missing or invalid JWT\_TOKEN" %}

{% endtab %}

{% tab title="403: Incorrect access scope" %}

{% endtab %}

{% tab title="406: Operation failed" %}

{% endtab %}

{% tab title="409: Incorrect internal state" %}

{% endtab %}

{% tab title="418: TLS connection required" %}

{% endtab %}
{% endtabs %}

#### Possible key `type`

<table><thead><tr><th width="358.0508474576271">Type</th><th>Description</th></tr></thead><tbody><tr><td>SECP256R1</td><td>NIST P-256 ECC key</td></tr><tr><td>SECP384R1</td><td>NIST P-384 ECC key</td></tr><tr><td>SECP521R1</td><td>NIST P-521 ECC key</td></tr><tr><td>SECP256K1</td><td>SEC2-v2 ECC key</td></tr><tr><td>CURVE25519</td><td>CURVE25519 ECC ECDH only key</td></tr><tr><td>CURVE448</td><td>CURVE448 ECC ECDH only key</td></tr><tr><td>ED25519</td><td>ED25519 ECC EdDSA only key</td></tr><tr><td>ED448</td><td>ED448 ECC EdDSA only key</td></tr><tr><td>SHA2-256</td><td>SHA2-256 HMAC symmetric key</td></tr><tr><td>SHA2-384</td><td>SHA2-384 HMAC symmetric key</td></tr><tr><td>SHA2-512</td><td>SHA2-512 HMAC symmetric key</td></tr><tr><td>SHA3-256</td><td>SHA3-256 HMAC symmetric key</td></tr><tr><td>SHA3-384</td><td>SHA3-384 HMAC symmetric key</td></tr><tr><td>SHA3-512</td><td>SHA3-512 HMAC symmetric key</td></tr><tr><td>AES128</td><td>AES 128 bits symmetric key</td></tr><tr><td>AES192</td><td>AES 192 bits symmetric key</td></tr><tr><td>AES256</td><td>AES 256 bits symmetric key</td></tr><tr><td>MLKEM512</td><td>ML-KEM-512 key</td></tr><tr><td>MLKEM768</td><td>ML-KEM-768 key</td></tr><tr><td>MLKEM1024</td><td>ML-KEM-1024 key</td></tr><tr><td>MLDSA44</td><td>ML-DSA-44 key</td></tr><tr><td>MLDSA65</td><td>ML-DSA-65 key</td></tr><tr><td>MLDSA87</td><td>ML-DSA-87 key</td></tr></tbody></table>

#### Possible key `mode` (for NIST ECC keys only)

| Mode       | Description                    |
| ---------- | ------------------------------ |
| ECDH       | Limit usage to ECDH only.      |
| ExDSA      | Limit usage to ExDSA only.     |
| ECDH,ExDSA | Allow both ECDH and ExDSA modes. |

#### Response data for successful operation

<table><thead><tr><th width="184.33036861366998">Name</th><th width="150">Type</th><th width="339.97660022233055">Description</th></tr></thead><tbody><tr><td><code>kid</code></td><td>String</td><td>Key ID, 32 chars hex string </td></tr></tbody></table>
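
An added example, not part of the Encedo documentation or any Encedo SDK: a client-side pre-flight check in Python that builds the request described above without sending it, and validates the returned `kid`. The function names are hypothetical; it assumes that `mode` applies only to the three NIST P-curve types and that `descr` is UTF-8 text before Base64 encoding.

```python
import base64
import json
import re

API_URL = "https://my.ence.do/api/keymgmt/create"

# Assumption: "NIST ECC" means the three NIST P-curve types from the table.
NIST_ECC = {"SECP256R1", "SECP384R1", "SECP521R1"}
KEY_TYPES = NIST_ECC | {
    "SECP256K1", "CURVE25519", "CURVE448", "ED25519", "ED448",
    "SHA2-256", "SHA2-384", "SHA2-512", "SHA3-256", "SHA3-384", "SHA3-512",
    "AES128", "AES192", "AES256",
    "MLKEM512", "MLKEM768", "MLKEM1024", "MLDSA44", "MLDSA65", "MLDSA87",
}
MODES = {"ECDH", "ExDSA", "ECDH,ExDSA"}
KID_RE = re.compile(r"[0-9a-fA-F]{32}")


def build_create_key_request(token, label, key_type, mode=None, descr=None, url=API_URL):
    """Validate arguments locally and return the request as a plain dict."""
    if not url.startswith("https://"):
        raise ValueError("TLS is required (status 418 is 'TLS connection required')")
    if not label:
        raise ValueError("label is required")
    if key_type not in KEY_TYPES:
        raise ValueError(f"unknown key type: {key_type!r}")
    body = {"label": label, "type": key_type}
    if mode is not None:
        if key_type not in NIST_ECC:
            raise ValueError("mode applies to NIST ECC keys only")
        if mode not in MODES:
            raise ValueError(f"unknown mode: {mode!r}")
        body["mode"] = mode
    if descr is not None:
        # `descr` travels Base64 encoded.
        body["descr"] = base64.b64encode(descr.encode("utf-8")).decode("ascii")
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return {"method": "POST", "url": url, "headers": headers, "body": json.dumps(body)}


def parse_create_key_response(status, text):
    """Return the `kid` from a 200 response; raise on any other status."""
    if status != 200:
        raise RuntimeError(f"key creation failed with HTTP {status}")
    kid = json.loads(text).get("kid", "")
    if not KID_RE.fullmatch(kid):
        raise ValueError("kid is not a 32-character hex string")
    return kid
```

Rejecting a `mode` on a non-NIST type or a plain-HTTP URL locally avoids a round trip that would end in a 400 or 418 and a failed `LOG_TYPE_KEY_GENERATION` entry.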

#### Log entries

<table><thead><tr><th width="329.5688729874776">Event</th><th>Result</th><th>Source</th></tr></thead><tbody><tr><td>LOG_TYPE_FAILED_SCOPE_CHECK</td><td>LOG_RESULT_FAILED</td><td>403</td></tr><tr><td>LOG_TYPE_KEY_GENERATION</td><td>LOG_RESULT_ERROR</td><td>400</td></tr><tr><td>LOG_TYPE_KEY_GENERATION</td><td>LOG_RESULT_FAILED</td><td>406</td></tr><tr><td>LOG_TYPE_KEY_GENERATION</td><td>LOG_RESULT_OK</td><td>200</td></tr></tbody></table>

