Skip to main content
POST
/
api
/
v3
/
admin
/
api_keys
Spree Admin SDK
import { createAdminClient } from '@spree/admin-sdk'

const client = createAdminClient({
  baseUrl: 'https://your-store.com',
  secretKey: 'sk_xxx',
})

const key = await client.apiKeys.create({
  name: 'Backend integration',
  key_type: 'secret',
  scopes: ['read_orders', 'write_orders']
})
// `key.plaintext_token` is available only on this response.
{
  "id": "key_VqXmZF31wY",
  "name": "CI key",
  "key_type": "secret",
  "token_prefix": "sk_hdVLD3kea",
  "scopes": [
    "read_orders"
  ],
  "created_at": "2026-06-01T13:00:36.146Z",
  "updated_at": "2026-06-01T13:00:36.146Z",
  "revoked_at": null,
  "last_used_at": null,
  "plaintext_token": "sk_hdVLD3keaZjTsnEumf28FbFy",
  "created_by_email": "shay_lind@nolan.com"
}

Authorizations

x-spree-api-key
string
header
required

Secret API key for admin access

Authorization
string
header
required

JWT token for admin user authentication

Headers

x-spree-api-key
string
required
Authorization
string
required

Body

application/json
name
string
required
Example:

"Backend integration"

key_type
enum<string>
required
Available options:
publishable,
secret
scopes
string[]
Example:
["read_orders", "write_orders"]

Response

secret key created — plaintext token returned once