POST
/
apps
/
{app_id}
/
auth
/
tokens
Create API key
curl --request POST \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>' \
  --data '{
  "name": "<string>",
  "ip_allowlist_mode": "disabled",
  "ip_allowlist": [
    "<string>"
  ]
}'
{
  "token_id": "<string>",
  "formatted_token": "<string>"
}

Overview

Use this API to create a new App API Key (also called a Rich Authentication Token) for a specific OneSignal app. These keys are used to authenticate API requests at the app level and offer enhanced security features, including optional IP allowlisting.
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Use your Organization API Key, to authenticate. This key is different from the standard REST API key.

IP allowlisting

By default, the API key will not be restricted to any specific IP addresses. To enable IP allowlisting, you need to set the ip_allowlist_mode parameter to explicit and provide a list of allowed IP addresses in the ip_allowlist parameter. If you want to set the explicit range of IPs that can use this API key, add them by setting ip_allowlist_mode to explicit and in ip_allowlist add the IPs in CIDRs notation as an array of string values.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization API key with prefix Key. See Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

Body

application/json

Response

200
application/json

200

The response is of type object.