List API keys
List the tenant's API keys, newest-first by default, with cursor pagination. Each entry carries the name, non-secret prefix, permissions, scope, and created/last-used timestamps — **never the secret**, which is shown only once at creation.
List the tenant's API keys, newest-first by default, with cursor pagination. Each entry carries the name, non-secret prefix, permissions, scope, and created/last-used timestamps — never the secret, which is shown only once at creation.
The per-tenant API key. Sent as the x-api-key request header. The key
is tenant-scoped.
In: header
Query Parameters
Page size, 1-100. Defaults to 50.
Opaque token from a previous page's next_page_token. Omit for the first page.
Sort oldest-first when true. Defaults to newest-first.
Response Body
application/json
application/json
application/json
application/json
application/json
curl -X GET "https://example.com/api-keys"{ "count": 0, "limit": 0, "next_page_token": "string", "api_keys": [ { "api_key_id": "string", "name": "string", "prefix": "string", "permissions": { "property1": true, "property2": true }, "scope_type": "organization", "scope_inbox_id": "string", "created_at": "2019-08-24T14:15:22Z", "last_used_at": "2019-08-24T14:15:22Z" } ]}{ "name": "string", "message": "string"}{ "name": "string", "message": "string"}{ "name": "validation", "errors": { "property1": "string", "property2": "string" }}{ "name": "string", "message": "string"}Revoke an API key DELETE
Revoke (hard-delete) an API key by id. The revoke is effective immediately on every surface — the key stops authenticating at once. An unknown, already-revoked, or cross-tenant id returns not-found; a revoke is never silently successful on a missing key.
Identity and scope of the calling key GET
Return the calling API key's **identity and scope** — the canonical "is my key valid, and what can it see?" probe. Returns identity/scope only; it never returns plan or limits (see `/metrics/usage` for usage). `scope_type` is `organization` for a key that reaches the whole tenant, or `inbox` for a key pinned to a single inbox. `scope_id` is the id that scope resolves to — the tenant for an organization key, the inbox for an inbox key. `inbox_id` is present only for an inbox-scoped key.