Create API key
Create an API key for the ethereum address.
Signing the request
The request is authenticated by an EIP-191personal_sign signature produced by the wallet that owns address. Frontend code should use the standard wallet API (MetaMask, ethers, viem, …) — the wallet handles the EIP-191 prefix automatically; you do not need to construct it yourself.
Build the canonical message and call personal_sign:
0x<r:32><s:32><v:1>. Split it into the three hex components for the signature field of the request body:
Canonical message format
The string passed topersonal_sign MUST be JSON with keys in this exact order, no whitespace, no trailing newline:
ecrecover, and rejects the request with HTTP 401 if the recovered address does not equal address. Any deviation in whitespace, key order, encoding, or types will produce a different hash and fail the recovery check.Body
Ethereum address to associate with the account.
^(0x|0X)?[0-9a-fA-F]{40}$"0x742d35cc6634c0532925a3b844bc9e7595f2bd18"
Hex-encoded Ed25519 public key. Becomes the API key.
64^[0-9a-fA-F]{64}$"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
Name of the API wallet (included in the signing message).
1 - 64"Arcus"
EIP-191 personal_sign signature (r, s, v) produced by the wallet that owns address. See the POST /v1/createApiKey endpoint description for the full client-side signing recipe (canonical message, wallet API examples, splitting (r, s, v)). Requests where the recovered signer does not equal address are rejected with HTTP 401.
Expiration timestamp (epoch ms). Must be between 1 day and 180 days from the server's current time (inclusive). If omitted, defaults to 14 days from now. Explicit values outside the [now+1d, now+180d] window are rejected with HTTP 400.
x >= 1Response
API key creation accepted. The request has been sent to go-core / persistence but the key is not yet usable for authenticated requests; the caller must wait briefly for persistence to ingest the APIKeyOperation before the returned api_key resolves.
Newly generated API key (hex string).
20-byte EVM address as hex: optional 0x or 0X prefix and exactly 40 hexadecimal digits. API responses normalize to lowercase a–f after 0x.
^(0x|0X)?[0-9a-fA-F]{40}$Creation timestamp (epoch microseconds).
Account index for this API key (optional; omit when not applicable).
0 <= x <= 9Expiration timestamp (epoch ms). Echoes the client-supplied expiry, so it stays in milliseconds. Absent if no expiry.