Skip to main content
POST
/
v1
/
cwobject
/
access-key
Create access key
curl --request POST \
  --url https://api.coreweave.com/v1/cwobject/access-key \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "durationSeconds": 1,
  "attributes": {}
}
'
{
  "accessKeyId": "<string>",
  "secretKey": "<string>",
  "principalName": "<string>",
  "expiry": "2023-11-07T05:31:56Z",
  "attributes": {}
}

gRPC method: CreateAccessKeyFromJWT

Generate an access key using a CoreWeave Cloud token. The key can be permanent or time-limited depending on the value of durationSeconds.
  • Set durationSeconds to 0 to create a permanent key.
  • Set durationSeconds to a positive integer to create a temporary key with that lifespan in seconds.
data.json (permanent)
{
  "durationSeconds": 0,
  "attributes": {
    "name": "permanent-key"
  }
}
data.json (temporary)
{
  "durationSeconds": 300,
  "attributes": {
    "name": "temporary-key"
  }
}
Example request
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \
       -H "Content-Type: application/json" \
       -H "Authorization: Bearer {API_ACCESS_TOKEN}" \
       -d @data.json

Authorizations

Authorization
string
header
default:Bearer {API_ACCESS_TOKEN}
required

CoreWeave API access token sent as a bearer token in the Authorization header (the value is prefixed with Bearer). Used by every operation except the SAML/OIDC token-exchange endpoints (anonymous) and the container credentials GET (which uses ContainerCredentialsAuth).

Body

application/json

Inputs for creating an access key from a CoreWeave Cloud token.

durationSeconds
integer<uint32>
required

Lifespan of the resulting access key in seconds. Set to 0 to create a permanent key; set to a positive integer to create a temporary key with that lifespan. Required.

Required range: x >= 0
attributes
object

Free-form caller-supplied attributes attached to the key (for example, name).

Response

OK

The newly-minted access key. The secretKey is the only opportunity to read the secret value.

accessKeyId
string

The access-key ID.

secretKey
string

The secret access key. Treat as a credential and store it securely on receipt.

principalName
string

The fully-qualified principal name that owns the access key.

expiry
string<date-time>

The expiration time of the access key. Permanent keys may report a sentinel value.

attributes
object

The attributes that were attached to the key on creation.

Last modified on June 25, 2026