List API keys
List API keys for the current organization. Returns key metadata including name, kind, expiration, and last usage — the secret token value is never included in the response.
API key kinds:
personal— tied to a specific user, inherits that user’s permissions.team— scoped to one or more teams (groups), creates a service account with permissions derived from group membership.organization— organization-wide, creates a service account with a configurable role and on-call role.
Automated rotation workflow: Use filter[expires_at][lt] to find keys approaching expiration, then call the rotate endpoint to issue a new token before the old one expires. Combine with filter[active]=true to exclude already-expired keys.
Sorting: Use the sort parameter with a field name (e.g., sort=expires_at). Prefix with - for descending order (e.g., sort=-created_at). Allowed fields: name, kind, created_at, updated_at, expires_at, last_used_at.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Query Parameters
Comma-separated list of relationships to include (role, on_call_role, created_by, groups)
Filter by API key kind: personal, team, organization
Search by name (case-insensitive partial match)
Filter by exact name
Filter by the user ID that owns the key
Filter team keys by group IDs (comma-separated)
Filter by role ID
When true, return only non-expired keys
When true, return only expired keys
Created after (ISO 8601)
Created at or after (ISO 8601)
Created before (ISO 8601)
Created at or before (ISO 8601)
Expires after (ISO 8601)
Expires at or after (ISO 8601)
Expires before (ISO 8601). Useful for finding keys approaching expiration.
Expires at or before (ISO 8601)
Last used after (ISO 8601)
Last used at or after (ISO 8601)
Last used before (ISO 8601)
Last used at or before (ISO 8601)
Sort by field. Prefix with - for descending (e.g., -created_at, expires_at)