REST API can't create a project User Checkout Key


It’s not possible to create a User Checkout Key using the REST API.

The command exists, but does not work.

I raised this issue on Stack Overflow - ( ) before I knew of this forum.


Just wondering (as someone who has had a few roadbumps getting the API working), what happens exactly?

What error message does it throw, if any?


I believe I described the behaviour completely in the SO question :

if not please let me know.


Hi @martinhbramwell,

Thanks for pointing this out! I just tried playing with this endpoint and it does work, although the error messages aren’t very helpful. I was able to reproduce the error you demonstrated in the SO question by making the curl request.

In order to be able to add a user key to your project, CircleCI needs permissions from GitHub to add SSH keys to your account. You can grant it permission by visiting Project Settings > Permissions > Checkout SSH keys and clicking on Authorize w/ GitHub

You’ll be taken to a screen that looks like this:

After you authorize the CircleCI application, you should be able to use our API to add a checkout key of type github-user-key for any of your other projects using the curl command you attempted in your StackOverflow question:

curl -X POST \ 
--header "Content-Type: application/json" \ 
-d '{"type":"github-user-key"}' \




Thanks so much for clarifying that. I really appreciate it.

I have just tested and concur that the GitHub authorization does indeed free up the API method call to create the Checkout Key.

If I may express an opinion, I think this reveals a defect in usability design. Since the green “Authorize w/ GitHub” button enables heightened privileges to all of a user’s repos, it doesn’t make sense for it to be accessible only in at the level of Project Settings. It deserves to be up-rated to the same stature as: Notifications, API Tokens, Heroku Key etc in the User Profile Settings.

Also, I should be able to revoke the heightened privilege in GitHub, but have not found where that can be done without revoking all of CircleCI’s access and then reinstating. Where is that documented?

Sincere regards,


At the moment, there doesn’t seem to be a way undo the scope change without revoking CircleCI’s GitHub auth token entirely and signing in again.

I’ll let our product team know about your feedback.