Reten Docs
API Keys

List API Keys

Get all API keys for the current user and tenant.

GET /api/api-keys

Returns all API keys belonging to the authenticated user in the active tenant, ordered by creation date (newest first).

Auth: Required — MANAGE_API_KEYS permission

Example

curl -X GET https://api.reten.ai/api/api-keys \
  -H "Authorization: Bearer <token>" \
  -H "x-tenant-id: <tenant-id>"
import axios from 'axios';

const response = await axios.get(
  'https://api.reten.ai/api/api-keys',
  {
    headers: {
      Authorization: 'Bearer <token>',
      'x-tenant-id': '<tenant-id>',
    },
  }
);

const apiKeys = response.data;

Response 200 OK

[
  {
    "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "name": "CI/CD Pipeline Key",
    "keyPrefix": "rtn_sk_a1b2c3d4",
    "userId": "550e8400-e29b-41d4-a716-446655440000",
    "tenantId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
    "isActive": true,
    "permissions": ["manage_commerces", "view_activities"],
    "expiresAt": "2026-12-31T23:59:59.000Z",
    "lastUsedAt": "2026-02-26T16:45:00.000Z",
    "createdAt": "2026-02-26T14:30:00.000Z",
    "revokedAt": null
  },
  {
    "id": "a3bb189e-8bf9-3888-9912-ace4e6543002",
    "name": "Monitoring Service",
    "keyPrefix": "rtn_sk_e5f6g7h8",
    "userId": "550e8400-e29b-41d4-a716-446655440000",
    "tenantId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
    "isActive": false,
    "permissions": ["view_activities"],
    "expiresAt": null,
    "lastUsedAt": "2026-02-20T10:00:00.000Z",
    "createdAt": "2026-02-01T09:00:00.000Z",
    "revokedAt": "2026-02-25T12:00:00.000Z"
  }
]

Response Fields

FieldTypeDescription
idstringUUID of the API key
namestringHuman-readable label
keyPrefixstringDisplay prefix for identification (e.g., rtn_sk_a1b2c3d4)
userIdstringUUID of the user who created the key
tenantIdstringUUID of the associated tenant
isActivebooleantrue if the key is active, false if revoked
permissionsstring[]Permission names granted to this key
expiresAtstring | nullISO 8601 expiration date, or null if no expiration
lastUsedAtstring | nullISO 8601 timestamp of last use, or null if never used
createdAtstringISO 8601 creation timestamp
revokedAtstring | nullISO 8601 revocation timestamp, or null if active

Error Responses

StatusDescription
400No active tenant context
401Missing or invalid authentication token
403Insufficient permissions

Create API Key

Generate a new API key with scoped permissions for programmatic access.

Revoke API Key

Revoke an active API key to permanently disable it.