> ## Documentation Index
> Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# List API keys

> Returns the API keys owned by the current organization. Secrets are never returned from this endpoint.



## OpenAPI

````yaml /api/en/api-keys.yaml get /api/keys
openapi: 3.0.3
info:
  title: Altostrat SDX API Keys API
  version: 1.0.0
  description: >-
    Create, list, inspect, rotate, and revoke SDX API keys through the public
    `/api/keys` gateway path. API key secrets are returned only when you create
    or rotate a key.
servers:
  - url: https://v1.api.altostrat.io
    description: Production API Server
security:
  - BearerAuth: []
tags:
  - name: API Keys
    description: Manage server-to-server credentials for integrations that call SDX APIs.
paths:
  /api/keys:
    get:
      tags:
        - API Keys
      summary: List API keys
      description: >-
        Returns the API keys owned by the current organization. Secrets are
        never returned from this endpoint.
      operationId: listApiKeys
      responses:
        '200':
          description: API keys for the organization.
          content:
            application/json:
              schema:
                oneOf:
                  - type: array
                    items:
                      $ref: '#/components/schemas/ApiKey'
                  - $ref: '#/components/schemas/ApiKeyListEnvelope'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    ApiKey:
      type: object
      required:
        - id
        - object
        - name
        - key_prefix
        - client_id
        - created_at
        - status
      properties:
        id:
          type: string
          pattern: ^api_key_[0-9A-Za-z]{27}$
          example: api_key_2m3h5n7k9j8g7f6e5d4c3b2a
        object:
          type: string
          enum:
            - api_key
          example: api_key
        name:
          type: string
          example: Production automation
        key_prefix:
          type: string
          description: >-
            The visible prefix of the secret. Use this to identify a key without
            exposing its secret.
          example: alto_sk_ab123
        client_id:
          type: string
          description: The backing machine-to-machine client identifier.
          example: C3HqXo4o6Yb5Kp0oV9x8
        permissions:
          type: array
          items:
            type: string
          example:
            - sites:read
            - scripts:write
        created_at:
          type: string
          format: date-time
          example: '2026-04-20T00:00:00Z'
        last_used_at:
          type: string
          format: date-time
          nullable: true
          example: null
        status:
          type: string
          example: active
    ApiKeyListEnvelope:
      type: object
      properties:
        status:
          type: string
          example: success
        data:
          type: array
          items:
            $ref: '#/components/schemas/ApiKey'
    ErrorResponse:
      type: object
      properties:
        message:
          type: string
          example: The given data was invalid.
        errors:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
  responses:
    Unauthorized:
      description: Authentication is missing or invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Authenticate with an SDX user access token that has permission to manage
        API keys.

````