When to use
- User needs an API key scoped to a specific organization for deployments or automation
- Setting up CI/CD credentials for a team or client workspace
- Creating keys for agents or scripts that trigger workflows within an org
Prerequisites
codika CLI installed and authenticated- Personal key (
ckp_) or admin key (cka_) with api-keys:manage scope
- Target organization must already exist (see Create Organization)
Command
codika organization create-key [options]
Options
| Option | Required | Description | Default |
|---|
--organization-id <id> | Yes | Organization ID to create the key for | — |
--name <name> | Yes | Key name (for identification) | — |
--scopes <scopes> | Yes | Comma-separated list of scopes | — |
--description <desc> | No | Key description | — |
--expires-in-days <days> | No | Number of days until the key expires | No expiry |
--api-url <url> | No | Override API URL | — |
--api-key <key> | No | Override API key | — |
--profile <name> | No | Use a specific profile instead of the active one | — |
--json | No | JSON output | — |
Available scopes
| Scope | Description |
|---|
deploy:use-case | Deploy use cases, upload documents, and read metadata |
projects:create | Create new projects via API |
projects:read | List and inspect project details |
workflows:trigger | Trigger workflows and poll execution status |
executions:read | List and read execution details |
instances:read | Read process instance details |
instances:manage | Activate, deactivate, and manage instances |
skills:read | Download agent skill documents |
integrations:manage | Create, delete, and list integrations |
api-keys:manage | Create, update, and manage organization API keys |
Behavior
- Validates that the authenticated key has the
api-keys:manage scope
- Verifies the user is an admin or owner of the target organization
- Creates a new organization key (
cko_) with the specified scopes
- Saves the new key as a profile and sets it as active
- Returns the raw key once — it cannot be retrieved again after creation
Examples
# Basic key creation
codika organization create-key \
--organization-id "xwk9CcT440Vupa8soIhY" \
--name "CI Deploy Key" \
--scopes "deploy:use-case,workflows:trigger"
# With description and expiry
codika organization create-key \
--organization-id "xwk9CcT440Vupa8soIhY" \
--name "Agent Key" \
--scopes "deploy:use-case,workflows:trigger,integrations:manage" \
--description "Key for autonomous agent deployments" \
--expires-in-days 90
# JSON output for scripting
codika organization create-key \
--organization-id "xwk9CcT440Vupa8soIhY" \
--name "Script Key" \
--scopes "deploy:use-case,workflows:trigger" \
--json
Output
✓ Organization API Key Created Successfully
⚠ Save the API key below — it will not be shown again.
API Key: cko_xxxxxxxxxxxxxxxxxxxx
Key Prefix: cko_xxxxxxxx
Key ID: abc123-def456
Name: CI Deploy Key
Scopes: deploy:use-case, workflows:trigger
Created: 3/30/2026
Request ID: req-789
Saved as profile "org-api-key-ci-deploy-key" (now active)
The raw key is displayed only once at creation time. Store it securely — it cannot be retrieved later.
Exit codes
| Code | Meaning |
|---|
0 | Success |
1 | API error (auth, network, server) |
2 | CLI validation error (e.g., missing --organization-id, --name, or --scopes) |
