keys

Get API key by hash

Find out what key this is.

Required Permissions

Your root key must have one of the following permissions for basic key information:

api.*.read_key (to read keys from any API)
api.<api_id>.read_key (to read keys from a specific API)

If your rootkey lacks permissions but the key exists, we may return a 404 status here to prevent leaking the existance of a key to unauthorized clients. If you believe that a key should exist, but receive a 404, please double check your root key has the correct permissions.

POST

keys.whoami

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.Whoami(ctx, components.V2KeysWhoamiRequestBody{
        Key: "sk_1234abcdef5678",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysWhoamiResponseBody != nil {
        // handle response
    }
}

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "keyId": "key_1234567890abcdef",
    "start": "sk_test_abc123",
    "enabled": true,
    "createdAt": 1701425400000,
    "name": "Production API Key",
    "meta": null,
    "updatedAt": 1701425400000,
    "expires": 1735689600000,
    "permissions": [
      "documents.read",
      "documents.write"
    ],
    "roles": [
      "editor",
      "viewer"
    ],
    "identity": {
      "id": "<string>",
      "externalId": "<string>",
      "meta": {},
      "ratelimits": [
        {
          "id": "rl_1234567890abcdef",
          "name": "api_requests",
          "limit": 1000,
          "duration": 3600000,
          "autoApply": true
        }
      ]
    },
    "plaintext": "sk_test_abc123def456",
    "ratelimits": [
      {
        "id": "rl_1234567890abcdef",
        "name": "api_requests",
        "limit": 1000,
        "duration": 3600000,
        "autoApply": true
      }
    ],
    "keyCredits": {
      "remaining": 1000,
      "refill": {
        "interval": "daily",
        "amount": 1000,
        "refillDay": 15
      }
    }
  }
}

Authorizations

Authorization

string

header

required

Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:

Authorization: Bearer unkey_123

Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api). Security best practices:

Keep root keys secure and never expose them in client-side code
Use different root keys for different environments
Rotate keys periodically, especially after team member departures
Create keys with minimal necessary permissions following least privilege principle
Monitor key usage with audit logs.

Body

application/json

key

string

required

The complete API key string provided by you, including any prefix. Never log, cache, or store API keys in your system as they provide full access to user resources. Include the full key exactly as provided - even minor modifications will cause a not found error.

Required string length: 1 - 512

Example:

"sk_1234abcdef5678"

Response

Successfully retrieved key information.

meta

object

required

Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The requestId is particularly important when troubleshooting issues with the Unkey support team.

Show child attributes

data

object

required

Show child attributes

Create permissionCreate a new permission to define specific actions or capabilities in your RBAC system. Permissions can be assigned directly to API keys or included in roles. Use hierarchical naming patterns like `documents.read`, `admin.users.delete`, or `billing.invoices.create` for clear organization. **Important:** Permission names must be unique within the workspace. Once created, permissions are immediately available for assignment. **Required Permissions** Your root key must have the following permission: - `rbac.*.create_permission`

⌘I

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.Whoami(ctx, components.V2KeysWhoamiRequestBody{
        Key: "sk_1234abcdef5678",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysWhoamiResponseBody != nil {
        // handle response
    }
}

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "keyId": "key_1234567890abcdef",
    "start": "sk_test_abc123",
    "enabled": true,
    "createdAt": 1701425400000,
    "name": "Production API Key",
    "meta": null,
    "updatedAt": 1701425400000,
    "expires": 1735689600000,
    "permissions": [
      "documents.read",
      "documents.write"
    ],
    "roles": [
      "editor",
      "viewer"
    ],
    "identity": {
      "id": "<string>",
      "externalId": "<string>",
      "meta": {},
      "ratelimits": [
        {
          "id": "rl_1234567890abcdef",
          "name": "api_requests",
          "limit": 1000,
          "duration": 3600000,
          "autoApply": true
        }
      ]
    },
    "plaintext": "sk_test_abc123def456",
    "ratelimits": [
      {
        "id": "rl_1234567890abcdef",
        "name": "api_requests",
        "limit": 1000,
        "duration": 3600000,
        "autoApply": true
      }
    ],
    "keyCredits": {
      "remaining": 1000,
      "refill": {
        "interval": "daily",
        "amount": 1000,
        "refillDay": 15
      }
    }
  }
}

Introduction

Endpoints

Get API key by hash

Authorizations

Body

Response