> ## Documentation Index
> Fetch the complete documentation index at: https://opentouter.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create authorization code

> Create an authorization code for the PKCE flow to generate a user-controlled API key



## OpenAPI

````yaml /openapi/openapi.yaml post /auth/keys/code
openapi: 3.1.0
info:
  contact:
    email: support@openrouter.ai
    name: OpenRouter Support
    url: https://openrouter.ai/docs
  description: OpenAI-compatible API with additional OpenRouter features
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
  title: OpenRouter API
  version: 1.0.0
servers:
  - description: Production server
    url: https://openrouter.ai/api/v1
    x-speakeasy-server-id: production
security:
  - apiKey: []
tags:
  - description: API key management endpoints
    name: API Keys
  - description: Analytics and usage endpoints
    name: Analytics
  - description: Anthropic Messages endpoints
    name: Anthropic Messages
  - description: BYOK endpoints
    name: BYOK
  - description: Benchmarks endpoints
    name: Benchmarks
  - description: Chat completion endpoints
    name: Chat
  - description: Task classification market-share endpoints
    name: Classifications
  - description: Credit management endpoints
    name: Credits
  - description: Datasets endpoints
    name: Datasets
  - description: Text embedding endpoints
    name: Embeddings
  - description: Endpoint information
    name: Endpoints
  - description: Files endpoints
    name: Files
  - description: Generation history endpoints
    name: Generations
  - description: Guardrails endpoints
    name: Guardrails
  - description: Images endpoints
    name: Images
  - description: Model information endpoints
    name: Models
  - description: OAuth authentication endpoints
    name: OAuth
  - description: Observability endpoints
    name: Observability
  - description: Organization endpoints
    name: Organization
  - description: Presets endpoints
    name: Presets
  - description: Provider information endpoints
    name: Providers
  - description: Rerank endpoints
    name: Rerank
  - description: Speech-to-text endpoints
    name: STT
    x-displayName: Transcriptions
  - description: Text-to-speech endpoints
    name: TTS
    x-displayName: Speech
  - description: Video Generation endpoints
    name: Video Generation
  - description: Workspaces endpoints
    name: Workspaces
  - description: beta.Analytics endpoints
    name: beta.Analytics
  - description: beta.responses endpoints
    name: beta.responses
externalDocs:
  description: OpenRouter Documentation
  url: https://openrouter.ai/docs
paths:
  /auth/keys/code:
    post:
      tags:
        - OAuth
      summary: Create authorization code
      description: >-
        Create an authorization code for the PKCE flow to generate a
        user-controlled API key
      operationId: createAuthKeysCode
      requestBody:
        content:
          application/json:
            example:
              callback_url: https://myapp.com/auth/callback
              code_challenge: E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
              code_challenge_method: S256
              limit: 100
            schema:
              example:
                callback_url: https://myapp.com/auth/callback
                code_challenge: E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
                code_challenge_method: S256
                limit: 100
              properties:
                callback_url:
                  description: >-
                    The callback URL to redirect to after authorization.
                    Supports https URLs and localhost/127.0.0.1 URLs on any port
                    for local CLI tools.
                  example: https://myapp.com/auth/callback
                  format: uri
                  type: string
                code_challenge:
                  description: PKCE code challenge for enhanced security
                  example: E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
                  type: string
                code_challenge_method:
                  description: The method used to generate the code challenge
                  enum:
                    - S256
                    - plain
                  example: S256
                  type: string
                expires_at:
                  description: Optional expiration time for the API key to be created
                  example: '2027-12-31T23:59:59Z'
                  format: date-time
                  nullable: true
                  type: string
                key_label:
                  description: >-
                    Optional custom label for the API key. Defaults to the app
                    name if not provided.
                  example: My Custom Key
                  maxLength: 100
                  type: string
                limit:
                  description: Credit limit for the API key to be created
                  example: 100
                  format: double
                  type: number
                spawn_agent:
                  description: Agent identifier for spawn telemetry
                  example: my-agent
                  type: string
                  x-fern-ignore: true
                  x-speakeasy-ignore: true
                spawn_cloud:
                  description: Cloud identifier for spawn telemetry
                  example: aws-us-east-1
                  type: string
                  x-fern-ignore: true
                  x-speakeasy-ignore: true
                usage_limit_type:
                  description: >-
                    Optional credit limit reset interval. When set, the credit
                    limit resets on this interval.
                  enum:
                    - daily
                    - weekly
                    - monthly
                  example: monthly
                  type: string
                workspace_id:
                  description: Optional workspace ID to associate the API key with
                  format: uuid
                  type: string
              required:
                - callback_url
              type: object
        required: true
      responses:
        '200':
          content:
            application/json:
              example:
                data:
                  app_id: 12345
                  created_at: '2025-08-24T10:30:00Z'
                  id: auth_code_xyz789
              schema:
                example:
                  data:
                    app_id: 12345
                    created_at: '2025-08-24T10:30:00Z'
                    id: auth_code_xyz789
                properties:
                  data:
                    description: Auth code data
                    example:
                      app_id: 12345
                      created_at: '2025-08-24T10:30:00Z'
                      id: auth_code_xyz789
                    properties:
                      app_id:
                        description: The application ID associated with this auth code
                        example: 12345
                        type: integer
                      created_at:
                        description: ISO 8601 timestamp of when the auth code was created
                        example: '2025-08-24T10:30:00Z'
                        type: string
                      id:
                        description: >-
                          The authorization code ID to use in the exchange
                          request
                        example: auth_code_xyz789
                        type: string
                    required:
                      - id
                      - app_id
                      - created_at
                    type: object
                required:
                  - data
                type: object
          description: Successfully created authorization code
        '400':
          content:
            application/json:
              example:
                error:
                  code: 400
                  message: Invalid request parameters
              schema:
                $ref: '#/components/schemas/BadRequestResponse'
          description: Bad Request - Invalid request parameters or malformed input
        '401':
          content:
            application/json:
              example:
                error:
                  code: 401
                  message: Missing Authentication header
              schema:
                $ref: '#/components/schemas/UnauthorizedResponse'
          description: Unauthorized - Authentication required or invalid credentials
        '403':
          content:
            application/json:
              example:
                error:
                  code: 403
                  message: Only management keys can perform this operation
              schema:
                $ref: '#/components/schemas/ForbiddenResponse'
          description: Forbidden - Authentication successful but insufficient permissions
        '409':
          content:
            application/json:
              example:
                error:
                  code: 409
                  message: Resource conflict. Please try again later.
              schema:
                $ref: '#/components/schemas/ConflictResponse'
          description: Conflict - Resource conflict or concurrent modification
        '500':
          content:
            application/json:
              example:
                error:
                  code: 500
                  message: Internal Server Error
              schema:
                $ref: '#/components/schemas/InternalServerResponse'
          description: Internal Server Error - Unexpected server error
components:
  schemas:
    BadRequestResponse:
      description: Bad Request - Invalid request parameters or malformed input
      example:
        error:
          code: 400
          message: Invalid request parameters
      properties:
        error:
          $ref: '#/components/schemas/BadRequestResponseErrorData'
        openrouter_metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
        user_id:
          nullable: true
          type: string
      required:
        - error
      type: object
    UnauthorizedResponse:
      description: Unauthorized - Authentication required or invalid credentials
      example:
        error:
          code: 401
          message: Missing Authentication header
      properties:
        error:
          $ref: '#/components/schemas/UnauthorizedResponseErrorData'
        openrouter_metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
        user_id:
          nullable: true
          type: string
      required:
        - error
      type: object
    ForbiddenResponse:
      description: Forbidden - Authentication successful but insufficient permissions
      example:
        error:
          code: 403
          message: Only management keys can perform this operation
      properties:
        error:
          $ref: '#/components/schemas/ForbiddenResponseErrorData'
        openrouter_metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
        user_id:
          nullable: true
          type: string
      required:
        - error
      type: object
    ConflictResponse:
      description: Conflict - Resource conflict or concurrent modification
      example:
        error:
          code: 409
          message: Resource conflict. Please try again later.
      properties:
        error:
          $ref: '#/components/schemas/ConflictResponseErrorData'
        openrouter_metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
        user_id:
          nullable: true
          type: string
      required:
        - error
      type: object
    InternalServerResponse:
      description: Internal Server Error - Unexpected server error
      example:
        error:
          code: 500
          message: Internal Server Error
      properties:
        error:
          $ref: '#/components/schemas/InternalServerResponseErrorData'
        openrouter_metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
        user_id:
          nullable: true
          type: string
      required:
        - error
      type: object
    BadRequestResponseErrorData:
      description: Error data for BadRequestResponse
      example:
        code: 400
        message: Invalid request parameters
      properties:
        code:
          type: integer
        message:
          type: string
        metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
      required:
        - code
        - message
      type: object
    UnauthorizedResponseErrorData:
      description: Error data for UnauthorizedResponse
      example:
        code: 401
        message: Missing Authentication header
      properties:
        code:
          type: integer
        message:
          type: string
        metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
      required:
        - code
        - message
      type: object
    ForbiddenResponseErrorData:
      description: Error data for ForbiddenResponse
      example:
        code: 403
        message: Only management keys can perform this operation
      properties:
        code:
          type: integer
        message:
          type: string
        metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
      required:
        - code
        - message
      type: object
    ConflictResponseErrorData:
      description: Error data for ConflictResponse
      example:
        code: 409
        message: Resource conflict. Please try again later.
      properties:
        code:
          type: integer
        message:
          type: string
        metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
      required:
        - code
        - message
      type: object
    InternalServerResponseErrorData:
      description: Error data for InternalServerResponse
      example:
        code: 500
        message: Internal Server Error
      properties:
        code:
          type: integer
        message:
          type: string
        metadata:
          additionalProperties:
            nullable: true
          nullable: true
          type: object
      required:
        - code
        - message
      type: object
  securitySchemes:
    apiKey:
      description: API key as bearer token in Authorization header
      scheme: bearer
      type: http

````