Skip to main content
POST
/
api
/
token
curl https://api.cometapi.com/api/token/ \
  -H "Authorization: your-access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production",
    "expired_time": -1,
    "remain_quota": 100000,
    "unlimited_quota": false,
    "model_limits_enabled": false,
    "model_limits": "",
    "allow_ips": null,
    "group": "",
    "cross_group_retry": false
  }'
{
  "success": true,
  "message": ""
}

Documentation Index

Fetch the complete documentation index at: https://apidoc.cometapi.com/llms.txt

Use this file to discover all available pages before exploring further.

Use this endpoint to create an API key for automation, internal dashboards, or server-side integrations.
Generate a personal access token at Console → Personal Settings, then send it as the raw Authorization header value. Do not prefix it with Bearer.
The create response only confirms success. It does not include the new key record or key value. After creation, call List API keys to read the newest key record.

Request body

FieldTypeDescription
namestringUser-readable display name for the key. Must be 50 characters or fewer.
expired_timeintegerUnix timestamp in seconds when the key expires. Use -1 for no expiration.
remain_quotaintegerStarting quota in CometAPI internal quota units. If this reaches 0 and unlimited_quota is false, model requests with this key are rejected as quota exhausted.
unlimited_quotabooleanWhether the key bypasses remaining-quota checks. Set true only when the key should keep working even if remain_quota is 0.
model_limits_enabledbooleanWhether to restrict this key to specific models. When false, model_limits is ignored.
model_limitsstringComma-separated model IDs allowed by this key when model_limits_enabled is true. Use model IDs returned by /v1/models; use an empty string for no model restriction.
allow_ipsstring or nullOptional IP allowlist. Provide one JSON string with entries separated by newline characters (\n). Each entry can be a single IPv4 address, single IPv6 address, IPv4 CIDR, or IPv6 CIDR. Use null or "" to disable IP restrictions.
groupstringOptional account group restriction. Use an empty string for no explicit group. Non-empty values must be available to the account, or the API returns success: false.
cross_group_retrybooleanWhether cross-group retry is enabled for automatic group routing. This is only meaningful when the key uses an auto-routed group.

Allowlist format

To allow multiple IPs or CIDR ranges, send them as one JSON string with \n between entries: 
{
  "allow_ips": "198.51.100.10\n203.0.113.0/24\n2001:db8::/32"
}
This example allows one IPv4 address, one IPv4 CIDR range, and one IPv6 CIDR range.

Authorizations

Authorization
string
header
required

Personal access token copied from CometAPI Console > Personal Settings. Send the raw token value; do not prefix it with Bearer.

Body

application/json
name
string

User-readable display name for the API key. The backend accepts up to 50 Unicode characters; longer names return success: false with token name is too long.

Maximum string length: 50
Example:

"production"

expired_time
integer

Unix timestamp in seconds when the key expires. Use -1 for no expiration. A past timestamp blocks model requests with this key.

Example:

-1

remain_quota
integer

Starting quota for the new key in CometAPI internal quota units. If this reaches 0 while unlimited_quota is false, model requests with this key are rejected as quota exhausted.

Example:

100000

unlimited_quota
boolean

Whether the key bypasses remaining-quota checks. Set true only when the key should keep working even if remain_quota is 0.

Example:

false

model_limits_enabled
boolean

Whether to restrict this key to specific models. When true, only model IDs listed in model_limits are allowed. When false, model_limits is ignored.

Example:

false

model_limits
string

Comma-separated model IDs allowed by this key when model_limits_enabled is true. Use model IDs returned by /v1/models, for example <model-id-1>,<model-id-2>. Use an empty string for no model restriction.

Example:

""

allow_ips
string | null

Optional IP allowlist. Provide one JSON string with entries separated by newline characters (\n). Each entry can be a single IPv4 address, single IPv6 address, IPv4 CIDR, or IPv6 CIDR. Example for three allowlist entries: 198.51.100.10\n203.0.113.0/24\n2001:db8::/32. CometAPI compares the model request client IP to this list. Use null or "" to disable IP restrictions.

Example:

"198.51.100.10\n203.0.113.0/24\n2001:db8::/32"

group
string

Optional account group restriction. Use an empty string for no explicit group restriction. Non-empty values must be available to the account, or the API returns success: false with a no access to group message.

Example:

""

cross_group_retry
boolean

Whether cross-group retry is enabled for automatic group routing. This is only meaningful when the key uses an auto-routed group such as auto.

Example:

false

Response

200 - application/json

Create result.

success
boolean
required

Whether the create operation succeeded.

Example:

true

message
string
required

Backend status message. The value is usually an empty string on success.

Example:

""