Can't create cards using API?

dominicwild1 · April 24, 2026, 12:51pm

I do a request like:

curl --request POST \
  --url https://api.supernotes.app/v1/cards \
  --header 'Api-Key: XXXX' \
  --header 'Content-Type: application/json' \
  --data '
{
  "[card_id]": {
    "data": {
      "name": "Test Card",
      "markup": "# Testing",
      "html": "",
      "tags": [],
      "id": "b04c7f96-41e1-4ece-8922-8eb96586055e"
    },
    "membership": {
      "personal_tags": [],
      "id": "b04c7f96-41e1-4ece-8922-8eb96586055e"
    }
  }
}

And I get the following response:

{
  "type": "basic",
  "detail": "api key missing required scope: CARDS_CREATE",
  "meta": null,
  "status": 403
}

Reading around, I thought you were able to create cards? Is there some fine grained API keys you create somewhere?

I created a second API key and it had the same issue.

connor · April 26, 2026, 6:52am

Hi @dominicwild1! Yes, and sorry, this is something we intended to flag in our last release notes, but forgot.

But also good news: Supernotes API keys now have scopes! Newly created API keys default to READ scope, which as you can expect prevents keys from performing any actions that are not read-only. This is especially useful for some users who want to give agentic access to Supernotes (for context ingestion) without giving that agent the ability to make destructive actions.

You’ll just need to change your API key to have the proper scope. “Read + Append” allows creation without access to things like deleting cards, which might be best for your use-case. If you want keys that behave as they did before Supernotes 3.2.4, you can use the “Full” scope.

dominicwild1 · April 27, 2026, 11:31am

Thanks! Got it working now. I didn’t have my supernotes updated.