Create publishable key

curl --request POST \ --url https://api.oneinbox.ai/v1/publishable-keys \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "name": "Production widget", "allowed_origins": [ "https://yoursite.com", "https://app.yoursite.com" ] } '

{ "id": "pk_abc123", "key": "oi_pk_live_abc123def456", "key_prefix": "oi_pk_live_abc1", "name": "Production widget", "allowed_origins": [ "https://yoursite.com", "https://app.yoursite.com" ], "is_active": true, "created_at": "2023-11-07T05:31:56Z", "updated_at": "2023-11-07T05:31:56Z" }

Authorizations

Authorization

string

header

required

Use api_key from POST /v1/api-keys

Body

application/json

name

string

required

Human-readable label for this key

Example:

"Production widget"

allowed_origins

string[]

Domains allowed to use this publishable key. Include protocol and no trailing slash. Requests from unlisted origins return 403 Origin not allowed. Leave empty to allow all origins (useful during development — restrict before going to production).

Example:

["https://yoursite.com"]

Response

201 - application/json

Created — key value shown only once

string

Example:

"pk_abc123"

key

string

Full publishable key value — only returned on create. Shows key_prefix on subsequent lists.

Example:

"oi_pk_live_abc123def456"

key_prefix

string

Example:

"oi_pk_live_abc1"

name

string

Example:

"Production widget"

allowed_origins

string[]

Domains allowed to use this key. Requests from other origins return 403.

Example:

[
  "https://yoursite.com",
  "https://app.yoursite.com"
]

is_active

boolean

created_at

string<date-time>

updated_at

string<date-time>