
createApiAuthApp()

Creates the API auth app container that owns API keys. This request also controls app scope and authorization metadata when you provide those fields.

Usage

The following example shows a basic usage of the backend client from @wacht/nextjs/server.

```typescript
import { wachtClient } from '@wacht/nextjs/server';

export async function createApiAuthApp() {
  const client = await wachtClient();
  return client.apiKeys.createApiAuthApp({
    app_slug: 'internal-api',
    name: 'Internal API',
    key_prefix: 'wacht_internal',
    description: 'API access for internal services',
    rate_limit_scheme_slug: 'internal-defaults',
    permissions: ['users:read', 'users:write'],
    resources: ['users/*'],
  });
}
```

Signature

```typescript
function createApiAuthApp(
  request: CreateApiAuthAppRequest,
): Promise<ApiAuthApp>
```

CreateApiAuthAppRequest

app_slug?: string | undefined;
Stable slug used in app-scoped API auth routes.
name?: string | undefined;
Display name for the API auth app.
key_prefix?: string | undefined;
Prefix applied to keys issued under this app.
description?: string | undefined;
Optional description for admins.
user_id?: string | number | undefined;
Optional owner user id. When set, the backend rejects `permissions` and `resources` in the same request.
organization_id?: string | number | undefined;
Optional organization scope id.
workspace_id?: string | number | undefined;
Optional workspace scope id.
rate_limit_scheme_slug?: string | undefined;
Optional preconfigured rate-limit scheme slug.
permissions?: string[] | undefined;
Optional permissions list for app-level authorization.
resources?: string[] | undefined;
Optional resource patterns for app-level authorization.

Return value

deployment_id?: string | undefined;
Deployment that owns the app.
app_slug?: string | undefined;
Stable app slug.
name?: string | undefined;
Display name.
key_prefix?: string | undefined;
Key prefix for app keys.
is_active?: boolean | undefined;
Whether the app is active.
permissions?: string[] | undefined;
Effective permissions stored on the app.
resources?: string[] | undefined;
Effective resources stored on the app.
rate_limits?: RateLimit[] | undefined;
Effective rate-limit rules on the app.
  unit?: 'second' | 'minute' | 'hour' | 'day' | undefined;
  Rate-limit window unit.
  duration?: number | undefined;
  Window duration count in `unit`.
  max_requests?: number | undefined;
  Maximum allowed requests per window.
rate_limit_scheme_slug?: string | undefined;
Attached scheme slug when one is configured.

Backend behavior

API auth app creation is restricted to Growth plan deployments.
If user_id is provided, the backend rejects requests that also include permissions or resources.
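
The `user_id` rule above can also be checked before the request leaves your server. The following is an added example, not part of the Wacht SDK or this page's original code: `checkCreateApiAuthAppRequest` is a hypothetical helper that copies only the documented request fields out of untrusted input and flags the `user_id` conflict. It assumes that any supplied `permissions` or `resources` value, even an empty array, counts as included.

```typescript
// Added example; helper and type names are hypothetical, not part of the Wacht SDK.
type Id = string | number;
interface CreateApiAuthAppRequest {
  app_slug?: string; name?: string; key_prefix?: string; description?: string;
  user_id?: Id; organization_id?: Id; workspace_id?: Id;
  rate_limit_scheme_slug?: string;
  permissions?: string[]; resources?: string[];
}
interface CheckResult { ok: boolean; errors: string[]; request?: CreateApiAuthAppRequest }

const STRING_FIELDS = ['app_slug', 'name', 'key_prefix', 'description', 'rate_limit_scheme_slug'] as const;
const ID_FIELDS = ['user_id', 'organization_id', 'workspace_id'] as const;
const LIST_FIELDS = ['permissions', 'resources'] as const;
const KNOWN: readonly string[] = [...STRING_FIELDS, ...ID_FIELDS, ...LIST_FIELDS];

// Builds a request from untrusted input (for example, an admin form body),
// copying only documented fields and applying the user_id rule client-side.
function checkCreateApiAuthAppRequest(input: Record<string, unknown>): CheckResult {
  const errors: string[] = [];
  const request: CreateApiAuthAppRequest = {};
  for (const key of Object.keys(input)) {
    if (KNOWN.indexOf(key) === -1) errors.push(`unknown field: ${key}`);
  }
  for (const f of STRING_FIELDS) {
    const v = input[f];
    if (typeof v === 'string') request[f] = v;
    else if (v !== undefined) errors.push(`${f} must be a string`);
  }
  for (const f of ID_FIELDS) {
    const v = input[f];
    if (typeof v === 'string' || typeof v === 'number') request[f] = v;
    else if (v !== undefined) errors.push(`${f} must be a string or number`);
  }
  for (const f of LIST_FIELDS) {
    const v = input[f];
    if (Array.isArray(v) && v.every((x) => typeof x === 'string')) request[f] = v as string[];
    else if (v !== undefined) errors.push(`${f} must be an array of strings`);
    // Assumption: any supplied list, even an empty one, counts as "included".
    if (v !== undefined && input['user_id'] !== undefined) {
      errors.push(`${f} cannot be combined with user_id`);
    }
  }
  if (errors.length > 0) return { ok: false, errors };
  return { ok: true, errors, request };
}
```

Pass `result.request` to `client.apiKeys.createApiAuthApp()` only when `result.ok` is true; the backend check still applies either way.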

Examples

Create an app with explicit permissions and resources

```typescript
import { wachtClient } from '@wacht/nextjs/server';

export async function createServiceApp() {
  const client = await wachtClient();
  return client.apiKeys.createApiAuthApp({
    app_slug: 'billing-sync',
    name: 'Billing Sync',
    key_prefix: 'wacht_billing',
    permissions: ['invoices:read', 'invoices:write'],
    resources: ['invoices/*'],
  });
}
```

Create a user-attached app

```typescript
import { wachtClient } from '@wacht/nextjs/server';

export async function createUserOwnedApp(userId: string) {
  const client = await wachtClient();
  return client.apiKeys.createApiAuthApp({
    app_slug: 'user-export',
    name: 'User Export',
    key_prefix: 'wacht_export',
    user_id: userId,
  });
}
```
