List API Keys
developer/v1/keys
Returns a paginated list of all active API keys for your organization. Shows key metadata (name, prefix, hint, environment), creation and last-used timestamps, permission scopes, IP allowlists, rate limit overrides, and expiration status — without ever exposing actual key values. Aligns with OWASP API Security Key Management and NIST SP 800-57 key lifecycle recommendations.
What It Does
Retrieves all non-revoked API keys for the authenticated organization, ordered by creation date (newest first). Each key entry includes: unique key ID, name, key prefix (edns_live_ or edns_test_), last-4-character hint for identification, environment (live/test), granular permission scopes, rate limit override, IP allowlist, expiration date, last-used timestamp, and creation timestamp. Key values are never stored or returned — only the SHA-256 hash is persisted.
Why It's Useful
API key inventory management is a core requirement of SOC 2 CC6.1 (Logical Access Controls), ISO 27001 A.9.4 (System Access Control), and PCI DSS Requirement 8 (Identify Users and Authenticate Access). This endpoint provides complete visibility into your key portfolio for security audits, stale key identification, and permission reviews. Regular key inventory reviews are recommended by OWASP and NIST SP 800-57 as part of cryptographic key lifecycle management.
Use Cases
Key Inventory & Rotation Audit
During quarterly access reviews, list all API keys to identify keys older than 90 days (NIST SP 800-53 recommended rotation cycle), unused keys (no last_used_at), and keys with overly broad permissions that violate the principle of least privilege.
Complete key lifecycle visibility for compliance audits — identify stale, unused, and over-privileged keys that increase attack surface.
Environment Separation Verification
Verify that production applications use live-environment keys and staging/CI uses test-environment keys. Filter by environment to ensure no test keys are deployed to production.
Prevent environment cross-contamination that could expose test data in production or vice versa.
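The review described under Key Inventory & Rotation Audit, with the environment filter from the second use case, as an added example that is not part of the original page or the service's own code. The function name, the finding labels, the rule that write scopes need an IP allowlist, and the sample response are assumptions constructed for illustration; field names follow the Response Fields table.

```python
from datetime import datetime, timedelta, timezone

def _ts(value):
    # Assumes ISO 8601 with "Z" or an explicit offset, as in the sample below.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(listing, now, max_age_days=90, environment=None):
    """Return {key_id: [finding, ...]} for keys that need review."""
    report = {}
    for key in listing["keys"]:
        if environment and key["environment"] != environment:
            continue
        findings = []
        if now - _ts(key["created_at"]) > timedelta(days=max_age_days):
            findings.append("rotation_overdue")
        if key["last_used_at"] is None:
            findings.append("never_used")
        if key["expires_at"] is None:
            findings.append("no_expiry")
        # Assumed policy: a key with any write scope should have an IP allowlist.
        has_write = any(p.endswith(":write") for p in key["permissions"])
        if has_write and not key["ip_allowlist"]:
            findings.append("write_scope_unrestricted_ip")
        if findings:
            report[key["id"]] = findings
    return report

# Constructed sample response, not real data.
SAMPLE = {"total": 3, "keys": [
    {"id": "key_a1", "name": "web-frontend", "prefix": "edns_live_", "hint": "9f3c",
     "environment": "live", "permissions": ["dns:read"], "rate_limit_override": None,
     "ip_allowlist": ["203.0.113.0/24"], "expires_at": "2025-09-01T00:00:00Z",
     "last_used_at": "2025-05-30T08:00:00Z", "created_at": "2025-05-01T00:00:00Z"},
    {"id": "key_b2", "name": "legacy-sync", "prefix": "edns_live_", "hint": "71aa",
     "environment": "live", "permissions": ["dns:read", "domain:write"],
     "rate_limit_override": 600, "ip_allowlist": [], "expires_at": None,
     "last_used_at": None, "created_at": "2024-11-01T00:00:00Z"},
    {"id": "key_c3", "name": "ci-pipeline", "prefix": "edns_test_", "hint": "0b4e",
     "environment": "test", "permissions": ["dns:read"], "rate_limit_override": None,
     "ip_allowlist": ["198.51.100.7"], "expires_at": "2025-12-31T00:00:00Z",
     "last_used_at": "2025-05-29T12:00:00Z", "created_at": "2025-02-01T00:00:00Z"},
]}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed review date for the sample

if __name__ == "__main__":
    for key_id, findings in audit_keys(SAMPLE, NOW).items():
        print(key_id, ", ".join(findings))
```

In a real review, pass the parsed JSON from the list call and `datetime.now(timezone.utc)` in place of `SAMPLE` and `NOW`.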
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| active_only | string | Optional | Filter by status. Defaults to showing only active (non-revoked) keys. Example: true |
Response Fields
| Field | Type | Description |
|---|---|---|
| keys | array | List of API key metadata objects (key values are never exposed) |
| keys[].id | string | Unique key identifier (key_* format) |
| keys[].name | string | Human-readable key name |
| keys[].prefix | string | Key prefix for identification (edns_live_ or edns_test_) |
| keys[].hint | string | Last 4 characters of the key for visual identification |
| keys[].environment | string | Key environment: live or test |
| keys[].permissions | array | Granted permission scopes (e.g., dns:read, domain:write) |
| keys[].rate_limit_override | number\|null | Custom rate limit override (requests/minute) or null for default |
| keys[].ip_allowlist | array | IP addresses/CIDRs allowed to use this key (empty = unrestricted) |
| keys[].expires_at | string\|null | Key expiration date (ISO 8601) or null for no expiry |
| keys[].last_used_at | string\|null | Last activity timestamp (null if never used) |
| keys[].created_at | string | Creation timestamp (ISO 8601) |
| total | number | Total number of keys returned |
Code Examples
```bash
curl "https://api.edgedns.dev/v1/keys" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```javascript
const response = await fetch(
  'https://api.edgedns.dev/v1/keys',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

response = requests.get(
    'https://api.edgedns.dev/v1/keys',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={},
)
data = response.json()
print(data)
```