GET
/
v1
/
keys.getKey
curl --request GET \
  --url https://api.unkey.dev/v1/keys.getKey \
  --header 'Authorization: Bearer <token>'
{
  "id": "key_1234",
  "start": "sk_5j1",
  "workspaceId": "ws_1234",
  "apiId": "api_1234",
  "name": "Customer X",
  "ownerId": "user_123",
  "meta": {
    "roles": [
      "admin",
      "user"
    ],
    "stripeCustomerId": "cus_1234"
  },
  "createdAt": 123,
  "updatedAt": 123,
  "deletedAt": 123,
  "expires": 123,
  "remaining": 1000,
  "refill": {
    "interval": "daily",
    "amount": 10
  },
  "ratelimit": {
    "async": true,
    "limit": 10,
    "duration": 60
  },
  "roles": [
    "admin",
    "finance"
  ],
  "permissions": [
    "domain.dns.create_record",
    "finance.read_receipt"
  ],
  "enabled": true,
  "plaintext": "<string>"
}

Changelog

DateChanges
Dec 06 2023Introduced endpoint
May 15 2024Return updatedAt timestamp

Authorizations

Authorization
string
headerrequired

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

keyId
string
required

The id of the key to fetch

decrypt
boolean | null

Decrypt and display the raw key. Only possible if the key was encrypted when generated.

Response

200 - application/json
id
string
required

The id of the key

start
string
required

The first few characters of the key to visually identify it

workspaceId
string
required

The id of the workspace that owns the key

apiId
string

The id of the api that this key is for

name
string

The name of the key, give keys a name to easily identify their purpose

ownerId
string

The id of the tenant associated with this key. Use whatever reference you have in your system to identify the tenant. When verifying the key, we will send this field back to you, so you know who is accessing your API.

meta
object

Any additional metadata you want to store with the key

createdAt
number
required

The unix timestamp in milliseconds when the key was created

updatedAt
number

The unix timestamp in milliseconds when the key was last updated

deletedAt
number

The unix timestamp in milliseconds when the key was deleted. We don't delete the key outright, you can restore it later.

expires
number

The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.

remaining
number

The number of requests that can be made with this key before it becomes invalid. If this field is null or undefined, the key has no request limit.

refill
object

Unkey allows you to refill remaining verifications on a key on a regular interval.

ratelimit
object

Unkey comes with per-key ratelimiting out of the box.

roles
string[]

All roles this key belongs to

permissions
string[]

All permissions this key has

enabled
boolean

Sets if key is enabled or disabled. Disabled keys are not valid.

plaintext
string

The key in plaintext

Was this page helpful?

Verify a keyUpdate a key