WAFV2 / Client / create_api_key



Creates an API key that contains a set of token domains.

API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration in the WAF Developer Guide.

You can use a single key for up to 5 domains. After you generate a key, you can copy it for use in your JavaScript integration.

See also: AWS API Documentation

Request Syntax

response = client.create_api_key(
  • Scope (string) –


    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • TokenDomains (list) –


    The client application domains that you want to use this API key for.

    Example JSON: "TokenDomains": ["abc.com", "store.abc.com"]

    Public suffixes aren’t allowed. For example, you can’t use gov.au or co.uk as token domains.

    • (string) –

Return type:



Response Syntax

    'APIKey': 'string'

Response Structure

  • (dict) –

    • APIKey (string) –

      The generated, encrypted API key. You can copy this for use in your JavaScript CAPTCHA integration.


  • WAFV2.Client.exceptions.WAFInternalErrorException

  • WAFV2.Client.exceptions.WAFInvalidParameterException

  • WAFV2.Client.exceptions.WAFInvalidOperationException

  • WAFV2.Client.exceptions.WAFLimitsExceededException