Get User API Keys
GET/company/apikey/
Retrieves all API Keys created by the authenticated user, enabling the user to audit and manage their own programmatic access credentials.
Objective
To provide the user with visibility into their active API Keys, including their types and the temporary codes required for deletion.
Use Cases
- Audit which API Keys are active for the user
- Obtain the
temp_codenecessary to delete a specific key - Verify the permissions type of each key
- Identify old keys that should be rotated
Operation Flow
- Validates that the user exists and belongs to a company
- Searches for all keys associated with the user's ID
- Partially masks the keys for security (displays the first 8 and last 4 characters)
- Returns the list of keys with their metadata
Masking Mechanism
API Keys are partially displayed:
- Format:
sk_live_*****5678(first 8 characters + asterisks + last 4 characters) - Complete keys are only displayed at the moment of creation
- It is not possible to retrieve the complete key afterward
Important Considerations
- Only returns the user's own keys (not keys from other users in the company)
- Deleted keys (soft delete) do not appear in the list
- The
temp_codefield is required for deletion operations
Request
Responses
- 200
- 401
- 404
User's API Keys List
Response Headers
Unauthenticated
Response Headers
User not found or without API Keys