> ## Documentation Index
> Fetch the complete documentation index at: https://docs.machines.cash/llms.txt
> Use this file to discover all available pages before exploring further.

# Create user API key from web session

> Create user API key from web session

When to use this: Use from first-party Machines web app profile to mint a key without wallet re-sign.

Required scope: web session.



## OpenAPI

````yaml consumer-openapi.yaml post /identity/user-api-keys
openapi: 3.1.0
info:
  title: Machines Cash User API
  version: 1.0.0
  description: >-
    User API surface for user-key and agent integrations. Canonical endpoints
    are under /user/v1 and /identity/user-api-keys. Legacy /consumer/v1 and
    /identity/consumer-api-keys remain supported for backward compatibility.
    This reference is separate from partner endpoints.
servers:
  - url: https://api.machines.cash
    description: production
security:
  - UserSessionBearer: []
tags:
  - name: auth
    description: Bootstrap user access.
  - name: keys
    description: User API key lifecycle.
  - name: sessions
    description: Short-lived scoped session minting.
  - name: webHelper
    description: Web-session helper endpoints.
  - name: crypto
    description: User encryption/decryption helpers.
  - name: users
    description: User profile endpoints.
  - name: kyc
    description: Identity verification endpoints.
  - name: agreements
    description: Agreement read/accept endpoints.
  - name: onboarding
    description: Onboarding progress endpoints.
  - name: cards
    description: Card management endpoints.
  - name: folders
    description: Card folder management endpoints.
  - name: balances
    description: Balance read endpoints.
  - name: contracts
    description: Collateral contract endpoints.
  - name: tokens
    description: Token metadata endpoints.
  - name: withdrawals
    description: Withdrawal endpoints.
  - name: transactions
    description: Transaction history endpoints.
  - name: deposits
    description: Deposit endpoints.
  - name: identity
    description: Identity aliases/wallet/deposit preference endpoints.
  - name: notifications
    description: Notification preference/device endpoints.
  - name: payments
    description: Payment support endpoints.
  - name: subscriptions
    description: Subscription and add-on endpoints.
  - name: referrals
    description: Referral endpoints.
  - name: bills
    description: Bill tracking endpoints.
  - name: support
    description: Support context endpoints.
  - name: spotlight
    description: Spotlight search endpoints.
paths:
  /identity/user-api-keys:
    post:
      tags:
        - webHelper
      summary: Create user API key from web session
      description: >-
        Create user API key from web session


        When to use this: Use from first-party Machines web app profile to mint
        a key without wallet re-sign.


        Required scope: web session.
      operationId: post_identity_user_api_keys
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmptyObject'
            example: {}
      responses:
        '201':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateKeyResponse'
              example:
                ok: true
                data: {}
                summary: success
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
      security:
        - WebSessionBearer: []
components:
  schemas:
    EmptyObject:
      type: object
      additionalProperties: false
    CreateKeyResponse:
      type: object
      properties:
        consumerApiKey:
          type: string
          description: Returned once at creation time.
        consumerKeyId:
          type: string
        keyPrefix:
          type: string
        walletAddress:
          type: string
        userId:
          type: string
          nullable: true
        scopes:
          type: array
          items:
            type: string
        userApiKey:
          type: string
          description: Returned once at creation time.
        userKeyId:
          type: string
      additionalProperties: true
    StandardError:
      type: object
      properties:
        error:
          type: string
        message:
          type: string
      required:
        - error
        - message
      additionalProperties: true
  responses:
    BadRequest:
      description: Invalid request payload or parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StandardError'
    Unauthorized:
      description: Missing/invalid bearer or key credentials.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StandardError'
    Forbidden:
      description: Valid auth but missing required scope or blocked by policy.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StandardError'
    NotFound:
      description: Resource not found for current user/session.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StandardError'
    TooManyRequests:
      description: Rate limit triggered for current key/session.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StandardError'
  securitySchemes:
    UserSessionBearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Bearer session token for User API operations. Legacy UserSessionBearer
        naming remains supported.
    WebSessionBearer:
      type: http
      scheme: bearer
      bearerFormat: JWT

````