> ## Documentation Index
> Fetch the complete documentation index at: https://developer.bron.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Key

To access the Bron API, you need an API key. Follow the steps below to create one:

<Steps>
  <Step title="Enable API Key Access">
    Go to **Workspace › Security** and make sure **Enable API key creation** is turned on. If it is disabled, contact your workspace owner to enable it.

    <Frame>
      <img src="https://mintcdn.com/bron/C5bKynGdDx5aCPyN/images/security-other-section-blurred.png?fit=max&auto=format&n=C5bKynGdDx5aCPyN&q=85&s=b5ec8ffa8c0ce8b6081a3367a20d6533" alt="Workspace Security Settings" width="3374" height="1710" data-path="images/security-other-section-blurred.png" />
    </Frame>
  </Step>

  <Step title="Start a New API Key creation">
    In **Workspace › API Keys**, click **New API Key**. Enter a name, select a role, and (optionally) specify allowed IP addresses.

    <Frame>
      <img src="https://mintcdn.com/bron/RA5FVLydZChGDQhk/images/api-key-creation-modal.png?fit=max&auto=format&n=RA5FVLydZChGDQhk&q=85&s=27c5145a183f94ea22c77d76086dd2c2" alt="New API Key Form" width="600" height="982" data-path="images/api-key-creation-modal.png" />
    </Frame>
  </Step>

  <Step title="Generate or Supply Your Key Pair">
    Bron uses asymmetric keys. You have two options:

    | Generation type        | Description                                                                                          |
    | :--------------------- | :--------------------------------------------------------------------------------------------------- |
    | **Self-generation**    | Generate the key pair yourself and share only the public key with Bron. Keep the private key secure. |
    | **Browser generation** | The browser generates the key pair; the private key never leaves the browser and is shown only once. |

    When you supply your own JWK, it must meet these requirements:

    | Property              | Requirement                                                                                     |
    | :-------------------- | :---------------------------------------------------------------------------------------------- |
    | **kty**               | Must be `"EC"`.                                                                                 |
    | **crv**               | One of `"P-256"`, `"P-384"`, `"P-521"`, `"SECP256K1"` or `"Ed25519"`.                           |
    | **x**, **y**          | Both required; base64url-encoded curve coordinates.                                             |
    | **No private fields** | Must not include `"d"` or any other private-key material.                                       |
    | **kid** (optional)    | 20–30 alphanumeric characters or hyphens (`^[0-9A-Za-z\-]{20,30}$`). Auto-generated if omitted. |

    **Example JWK**

    ```json theme={"system"}
    {"kty": "EC", "crv": "P-256", "x": "f83OJ3…x5YhE", "y": "x_FEzRu9…GtENQ", "kid": "a1B2c3D4e5F6g7H8i9J0"}
    ```

    <Accordion title="How to generate a key?" icon="lock">
      You can use any library that supports ES256 and JWK. For example:

      * **JavaScript (Node.js)**: [panva/jose](https://github.com/panva/jose)
      * **Java**: Nimbus [JOSE + JWT](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/)
      * Or any other ES256-compatible library.

      **Node.js example**:

      ```js theme={"system"}
      import { generateKeyPair, exportJWK } from 'jose';

      const { publicKey, privateKey } = await generateKeyPair('ES256');
      const publicJwk  = await exportJWK(publicKey);
      const privateJwk = await exportJWK(privateKey);

      console.log(JSON.stringify(publicJwk));  // Send this to Bron
      console.log(JSON.stringify(privateJwk)); // Keep this safe
      ```
    </Accordion>
  </Step>
</Steps>
