> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nscale.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create endpoint access key

> Creates an access key for the specified object storage endpoint. The server generates the immutable access key identifier and secret. The secret is returned only once in the create response.



## OpenAPI

````yaml /openapi/storage-openapi.yaml post /api/v1/objectstorageendpoints/{objectStorageEndpointID}/accesskeys
openapi: 3.0.3
info:
  title: Storage Service API
  description: |-
    The Storage Service API provides that allows provisioning and life cycle
    management of File and Object storage.
  version: 1.13.0
servers: []
security: []
paths:
  /api/v1/objectstorageendpoints/{objectStorageEndpointID}/accesskeys:
    description: >-
      Manages the access keys associated with a specific S3-compatible object
      storage endpoint.
    parameters:
      - $ref: '#/components/parameters/objectStorageEndpointIDParameter'
    post:
      tags:
        - Object storage
      summary: Create endpoint access key
      description: >-
        Creates an access key for the specified object storage endpoint. The
        server generates the immutable access key identifier and secret. The
        secret is returned only once in the create response.
      requestBody:
        $ref: '#/components/requestBodies/objectStorageAccessKeyCreateRequest'
      responses:
        '201':
          $ref: '#/components/responses/objectStorageAccessKeyCreateResponse'
        '400':
          $ref: '#/components/responses/badRequestResponse'
        '401':
          $ref: '#/components/responses/unauthorizedResponse'
        '403':
          $ref: '#/components/responses/forbiddenResponse'
        '404':
          $ref: '#/components/responses/notFoundResponse'
        '422':
          $ref: '#/components/responses/unprocessableContentResponse'
        '500':
          $ref: '#/components/responses/internalServerErrorResponse'
      security:
        - oauth2Authentication: []
components:
  parameters:
    objectStorageEndpointIDParameter:
      name: objectStorageEndpointID
      in: path
      description: The object storage endpoint unique identifier.
      required: true
      schema:
        $ref: '#/components/schemas/kubernetesNameParameter'
  requestBodies:
    objectStorageAccessKeyCreateRequest:
      description: A request to create an object storage access key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/objectStorageAccessKeyCreate'
          example:
            metadata:
              name: bucket-admin-key
              description: Access key for bucket administration
            spec:
              identityPolicy: bucket-admin
  responses:
    objectStorageAccessKeyCreateResponse:
      description: >-
        A newly created object storage access key. The generated secret is
        returned only once.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/objectStorageAccessKeyCreateResponseBody'
          example:
            metadata:
              id: 4c1de9c4-8d6c-4b32-8413-42e0b070d5d4
              name: bucket-admin-key
              organizationId: 9a8c6370-4065-4d4a-9da0-7678df40cd9d
              projectId: e36c058a-8eba-4f5b-91f4-f6ffb983795c
              creationTime: '2024-05-31T14:11:00Z'
              createdBy: john.doe@acme.com
              provisioningStatus: provisioned
              healthStatus: healthy
            spec:
              identityPolicy: bucket-admin
              accessKeyId: AKIAIOSFODNN7EXAMPLE
              secret: ...
    badRequestResponse:
      description: |-
        Request body failed schema validation, or the request does not contain
        all the required fields.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: invalid_request
            error_description: request body invalid
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
    unauthorizedResponse:
      description: Authentication failed or the access token has expired.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: access_denied
            error_description: authentication failed
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
    forbiddenResponse:
      description: >-
        Request was denied by authorization, this may be caused by the
        authorization

        token not having the required scope for an API, or the user doesn't have
        the

        necessary privileges on the provider platform.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: forbidden
            error_description: user credentials do not have the required privileges
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
    notFoundResponse:
      description: Unable to find a resource.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: not_found
            error_description: the requested resource does not exist
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
    unprocessableContentResponse:
      description: >-
        The provided request was syntactically correct but the instruction was
        unable to

        be processed due to semantic errors.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: unprocessable_content
            error_description: the request body was in the wrong format
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
    internalServerErrorResponse:
      description: >-
        An unexpected or unhandled error occurred. This may be a transient error
        and

        may succeed on a retry.  If this isn't the case, please report it as an
        issue.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error'
          example:
            error: server_error
            error_description: failed to token claim
            trace_id: 57bc14d9bd461f0b5a72db830149b67a
  schemas:
    kubernetesNameParameter:
      description: >-
        A Kubernetes name. Must be a valid DNS containing only lower case
        characters, numbers or hyphens, start and end with a character or
        number, and be at most 63 characters in length.
      type: string
      minLength: 1
      maxLength: 63
    objectStorageAccessKeyCreate:
      description: An object storage access key create request.
      type: object
      required:
        - metadata
        - spec
      properties:
        metadata:
          $ref: '#/components/schemas/resourceMetadata'
        spec:
          $ref: '#/components/schemas/objectStorageAccessKeyCreateSpec'
    objectStorageAccessKeyCreateResponseBody:
      description: An object storage access key create response.
      type: object
      required:
        - metadata
        - spec
      properties:
        metadata:
          $ref: '#/components/schemas/projectScopedResourceReadMetadata'
        spec:
          $ref: '#/components/schemas/objectStorageAccessKeyCreateResponseSpec'
    error:
      description: Generic error message, compatible with oauth2.
      type: object
      required:
        - error
        - error_description
      properties:
        error:
          description: >-
            A terse error string expanding on the HTTP error code. Errors are
            based on the OAuth 2.02 specification, but are expanded with
            proprietary status codes for APIs other than those specified by
            OAuth 2.02.
          type: string
          enum:
            - invalid_request
            - server_error
            - access_denied
            - not_found
            - conflict
            - method_not_allowed
            - unsupported_media_type
            - request_entity_too_large
            - unprocessable_content
            - forbidden
        error_description:
          description: Verbose message describing the error.
          type: string
        trace_id:
          description: Unique trace identifier for the request.
          type: string
    resourceMetadata:
      description: Metadata required for all API resource reads and writes.
      required:
        - name
      properties:
        name:
          $ref: '#/components/schemas/kubernetesLabelValue'
        description:
          description: >-
            The resource description, this optionally augments the name with
            more context.
          type: string
        tags:
          $ref: '#/components/schemas/tagList'
    objectStorageAccessKeyCreateSpec:
      description: An object storage access key create specification.
      type: object
      required:
        - identityPolicy
      properties:
        identityPolicy:
          description: The identity policy name associated with the access key.
          type: string
    projectScopedResourceReadMetadata:
      description: Metadata required by project scoped resource reads.
      allOf:
        - $ref: '#/components/schemas/organizationScopedResourceReadMetadata'
        - type: object
          required:
            - projectId
          properties:
            projectId:
              description: The project identifier the resource belongs to.
              type: string
    objectStorageAccessKeyCreateResponseSpec:
      description: An object storage access key create response specification.
      type: object
      required:
        - identityPolicy
        - accessKeyId
        - secret
      properties:
        identityPolicy:
          description: The identity policy name associated with the access key.
          type: string
        accessKeyId:
          description: The S3 access key identifier.
          type: string
          minLength: 20
          maxLength: 20
          pattern: ^[A-Za-z0-9]+$
        secret:
          description: >-
            The generated secret for the access key. This value is returned only
            once when the access key is created.
          type: string
          maxLength: 40
    kubernetesLabelValue:
      description: >-
        A valid Kubernetes label value, typically used for resource names that
        can be

        indexed in the database.
      type: string
      pattern: ^[0-9A-Za-z](?:[0-9A-Za-z-_.]{0,61}[0-9A-Za-z])?$
    tagList:
      description: A list of tags.
      type: array
      items:
        $ref: '#/components/schemas/tag'
    organizationScopedResourceReadMetadata:
      description: Metadata required by organization scoped resource reads.
      allOf:
        - $ref: '#/components/schemas/resourceReadMetadata'
        - type: object
          required:
            - organizationId
          properties:
            organizationId:
              description: The organization identifier the resource belongs to.
              type: string
    tag:
      description: >-
        A tag mapping arbitrary names to values.  These have no special meaning

        for any component are are intended for use by end users to add
        additional

        context to a resource, for example to categorize it.
      type: object
      required:
        - name
        - value
      properties:
        name:
          description: A unique tag name.
          type: string
        value:
          description: The value of the tag.
          type: string
    resourceReadMetadata:
      description: Metadata required by all resource reads.
      allOf:
        - $ref: '#/components/schemas/staticResourceMetadata'
        - type: object
          required:
            - provisioningStatus
            - healthStatus
          properties:
            deletionTime:
              description: The time the resource was deleted.
              type: string
              format: date-time
            provisioningStatus:
              $ref: '#/components/schemas/resourceProvisioningStatus'
            healthStatus:
              $ref: '#/components/schemas/resourceHealthStatus'
    staticResourceMetadata:
      description: |
        This metadata is for resources that just exist, and don't require
        any provisioning and health status, but benefit from a standardized
        metadata format.
      type: object
      allOf:
        - $ref: '#/components/schemas/resourceMetadata'
        - type: object
          required:
            - id
            - creationTime
          properties:
            id:
              description: The unique resource ID.
              type: string
            creationTime:
              description: The time the resource was created.
              type: string
              format: date-time
            createdBy:
              description: The user who created the resource.
              type: string
            modifiedTime:
              description: The time a resource was updated.
              type: string
              format: date-time
            modifiedBy:
              description: The user who updated the resource.
              type: string
    resourceProvisioningStatus:
      description: The provisioning state of a resource.
      type: string
      enum:
        - unknown
        - pending
        - provisioning
        - provisioned
        - deprovisioning
        - error
    resourceHealthStatus:
      description: The health state of a resource.
      type: string
      enum:
        - unknown
        - healthy
        - degraded
        - error
  securitySchemes:
    oauth2Authentication:
      description: Operation requires OAuth 2.0 bearer token authentication.
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/authorization
          tokenUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/token
          scopes: {}

````