> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leadlex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List API Keys

> Return metadata for every API key in the workspace, without exposing plaintext secrets

## Request

API key secrets are only displayed once, at creation time. This endpoint returns metadata only: the name, permissions, rate-limit tier, and last-used timestamp. You cannot recover a plaintext key after its creation.

### Query Parameters

<ParamField query="page" type="integer" default="1">
  Page number.
</ParamField>

<ParamField query="per_page" type="integer" default="25">
  Results per page. Maximum 100.
</ParamField>

<ParamField query="include_revoked" type="boolean" default="false">
  When `true`, soft-deleted (revoked) keys are included.
</ParamField>

<ParamField query="search" type="string">
  Search by key name or description.
</ParamField>

### Headers

```
Authorization: Bearer wbk_your_api_key_here
```

## Response

<ResponseField name="data" type="object">
  <Expandable title="properties">
    <ResponseField name="api_keys" type="array">
      <Expandable title="API key object">
        <ResponseField name="id" type="string">API key UUID</ResponseField>
        <ResponseField name="name" type="string">User-assigned name</ResponseField>
        <ResponseField name="description" type="string">Optional description</ResponseField>
        <ResponseField name="prefix" type="string">First 8 characters of the key (e.g. `wbk_a1b2c3`)</ResponseField>
        <ResponseField name="permissions" type="array">Scopes granted to the key</ResponseField>
        <ResponseField name="rate_limit_tier" type="string">Rate-limit tier</ResponseField>
        <ResponseField name="created_by" type="string">User UUID who created the key</ResponseField>
        <ResponseField name="created_at" type="string">ISO 8601 timestamp</ResponseField>
        <ResponseField name="last_used_at" type="string">ISO 8601 timestamp of last authorized request</ResponseField>
        <ResponseField name="expires_at" type="string">ISO 8601 expiry timestamp, if set</ResponseField>
        <ResponseField name="revoked_at" type="string">ISO 8601 timestamp when the key was revoked, if any</ResponseField>
      </Expandable>
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="meta" type="object">
  Pagination metadata.
</ResponseField>

Responses include `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`, and `X-Request-ID`.

<CodeGroup>
  ```bash cURL theme={null}
  curl https://data.leadlex.com/functions/v1/api-gateway/v1/api-keys \
    -H "Authorization: Bearer wbk_your_api_key_here"
  ```

  ```python Python theme={null}
  import requests

  API_KEY = "wbk_your_api_key_here"
  BASE_URL = "https://data.leadlex.com/functions/v1/api-gateway"

  r = requests.get(
      f"{BASE_URL}/v1/api-keys",
      headers={"Authorization": f"Bearer {API_KEY}"},
  )
  for k in r.json()["data"]["api_keys"]:
      print(k["name"], k["prefix"], k["last_used_at"])
  ```

  ```javascript JavaScript theme={null}
  const res = await fetch(
    'https://data.leadlex.com/functions/v1/api-gateway/v1/api-keys',
    { headers: { Authorization: 'Bearer wbk_your_api_key_here' } },
  );
  const { data } = await res.json();
  console.log(data.api_keys.length);
  ```
</CodeGroup>

### Example Response

```json theme={null}
{
  "data": {
    "api_keys": [
      {
        "id": "key_01HY1",
        "name": "Production ingestion",
        "description": "Used by the nightly ingestion job",
        "prefix": "wbk_a1b2c3",
        "permissions": ["read:contacts", "write:contacts", "read:deals"],
        "rate_limit_tier": "standard",
        "created_by": "usr_01HW0",
        "created_at": "2026-02-11T09:00:00Z",
        "last_used_at": "2026-04-17T10:30:00Z",
        "expires_at": null,
        "revoked_at": null
      }
    ]
  },
  "meta": { "page": 1, "per_page": 25, "total": 3 }
}
```

## Errors

| Status | Code                       | Description                         |
| ------ | -------------------------- | ----------------------------------- |
| 401    | `invalid_key`              | Invalid or expired API key          |
| 403    | `insufficient_permissions` | Missing `admin:api_keys` permission |
| 429    | `rate_limited`             | Rate limit exceeded                 |