Get API Key
GET
/web/v1/workspaces/{workspaceId}/api-keys/{keyId}JWTRetrieves the details of a single API key by its business ID. The secret value is never included in the response.
Authentication
Auth Chain: WEB Chain — requires
Authorization: Bearer <jwt>Requires workspace OWNER role. These headers are injected by the system (frontend does nothing):X-PORTAL-ACCESS-CODE(Nginx),X-Request-Id(Gateway)
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
workspaceId | string | Yes | path | Workspace business ID |
keyId | string | Yes | path | API key business ID |
Success Response
Success200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"apiKeyId": "sk_live_abc123",
"name": "Production Key",
"status": "ACTIVE",
"mode": "LIVE",
"permissions": [
"payment:read",
"payment:write"
],
"ipWhitelist": [
"192.168.1.0/24"
],
"createdAt": "2026-03-21T00:00:00Z",
"lastUsedAt": "2026-03-21T12:00:00Z",
"createdBy": "acc_owner123"
}
}Error Responses
Unauthorized401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Not Found404
{
"success": false,
"code": "4040",
"message": "API key not found"
}Notes
- The API key secret is never returned after initial creation.
- Only workspace OWNERs can retrieve API key details.