List API Keys
GET
/web/v1/workspaces/{workspaceId}/api-keys JWTReturns a paginated list of all API keys belonging to the specified workspace. Secret values are never included in list responses.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
| X-Workspace-Id | Target workspace ID |
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
workspaceId | string | Required | path | Workspace business ID |
page | integer | Optional | query | Page number (zero-based). Default: `0` |
size | integer | Optional | query | Page size. Default: `20` |
sort | string | Optional | query | Sort field and direction (e.g. `createdAt,desc`) |
Success Response
Success 200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"content": [
{
"apiKeyId": "sk_live_abc123",
"name": "Production Key",
"status": "ACTIVE",
"mode": "LIVE",
"permissions": [
"payment:read",
"payment:write"
],
"ipWhitelist": [
"192.168.1.0/24"
],
"createdAt": "2026-03-21T00:00:00Z",
"lastUsedAt": "2026-03-21T12:00:00Z",
"createdBy": "acc_owner123"
}
],
"totalElements": 1,
"totalPages": 1,
"size": 20,
"number": 0
}
}Error Responses
Unauthorized 401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Forbidden — not workspace owner 403
{
"success": false,
"code": "4030",
"message": "Only workspace owner can manage API keys"
}Notes
- API key secrets are never returned in list responses.
- Only workspace OWNERs can list API keys.