> ## Documentation Index
> Fetch the complete documentation index at: https://api-docs.sevalla.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get current API key

> Retrieve the details of the API key used to authenticate the current request, including a unified list of its effective capabilities (the permissions from its roles merged with its custom capabilities). Use this to discover what the calling key is allowed to do without knowing its ID. Any valid API key can call this endpoint regardless of its permissions. The token value is masked for security.



## OpenAPI

````yaml https://api.sevalla.com/v3/openapi.json get /api-keys/me
openapi: 3.1.0
info:
  title: Sevalla API docs
  version: 1.0.0
servers:
  - url: https://api.sevalla.com/v3
security:
  - bearerAuth: []
paths:
  /api-keys/me:
    get:
      tags:
        - API Keys
      summary: Get current API key
      description: >-
        Retrieve the details of the API key used to authenticate the current
        request, including a unified list of its effective capabilities (the
        permissions from its roles merged with its custom capabilities). Use
        this to discover what the calling key is allowed to do without knowing
        its ID. Any valid API key can call this endpoint regardless of its
        permissions. The token value is masked for security.
      operationId: getCurrentApiKeyV3
      responses:
        '200':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    format: uuid
                    pattern: >-
                      ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                    description: Unique identifier for the API key
                    example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                  company_id:
                    type: string
                    format: uuid
                    pattern: >-
                      ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                    description: Identifier of the company that owns this API key
                    example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                  name:
                    type: string
                    minLength: 1
                    maxLength: 255
                    description: Human-readable name for the API key
                    example: My API Key
                  is_enabled:
                    type: boolean
                    description: >-
                      Whether the API key is currently active and can be used
                      for authentication
                  source:
                    type: string
                    enum:
                      - DASHBOARD
                      - CLI
                      - EXTERNAL
                      - SUPPORT_MCP
                    description: >-
                      How the API key was created - `DASHBOARD` created via the
                      web dashboard, `CLI` created via CLI, `EXTERNAL` created
                      via the API
                  masked_token:
                    type: string
                    description: >-
                      Masked version of the token showing only the first 6 and
                      last 4 characters
                    example: svl_ab...wxyz
                  capabilities:
                    type: array
                    items:
                      type: object
                      properties:
                        permission:
                          type: string
                          description: Permission string in RESOURCE:ACTION format
                          example: APP:READ
                        resource_id:
                          anyOf:
                            - type: string
                            - type: 'null'
                          description: >-
                            Resource ID this capability is scoped to. Null means
                            the permission applies to all resources
                          example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                      required:
                        - permission
                        - resource_id
                      additionalProperties: false
                    description: >-
                      The key's effective capabilities, combining permissions
                      granted by its roles (which always apply to all resources,
                      so resource_id is null) with its custom capabilities. When
                      a permission is granted for all resources, any
                      resource-scoped grant for the same permission is omitted
                      as redundant.
                  last_used_at:
                    anyOf:
                      - type: string
                        format: date-time
                        pattern: >-
                          ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                      - type: 'null'
                    description: >-
                      Timestamp when the API key was last used for
                      authentication, in ISO 8601 format
                    example: '2024-01-01T00:00:00.000Z'
                  expired_at:
                    anyOf:
                      - type: string
                        format: date-time
                        pattern: >-
                          ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                      - type: 'null'
                    description: >-
                      Timestamp when the API key expires, in ISO 8601 format.
                      Null means no expiration
                    example: '2025-01-01T00:00:00.000Z'
                  old_token_expired_at:
                    anyOf:
                      - type: string
                        format: date-time
                        pattern: >-
                          ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                      - type: 'null'
                    description: >-
                      Timestamp when the previous token expires during rotation,
                      in ISO 8601 format. Null if no rotation is in progress
                    example: '2024-01-02T00:00:00.000Z'
                  created_at:
                    type: string
                    format: date-time
                    pattern: >-
                      ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                    description: Timestamp when the API key was created, in ISO 8601 format
                    example: '2024-01-01T00:00:00.000Z'
                  updated_at:
                    type: string
                    format: date-time
                    pattern: >-
                      ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                    description: >-
                      Timestamp when the API key was last updated, in ISO 8601
                      format
                    example: '2024-01-01T00:00:00.000Z'
                required:
                  - id
                  - company_id
                  - name
                  - is_enabled
                  - source
                  - masked_token
                  - capabilities
                  - last_used_at
                  - expired_at
                  - old_token_expired_at
                  - created_at
                  - updated_at
                additionalProperties: false
        '401':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    description: Error message
                    example: Unauthorized
                  status:
                    type: integer
                    minimum: -9007199254740991
                    maximum: 9007199254740991
                    description: HTTP status code
                    example: 401
                  data:
                    type: object
                    properties:
                      code:
                        description: Error tracking code for support reference
                        example: err-abc-123
                        type: string
                      message:
                        description: Additional error details or instructions
                        example: >-
                          If you need assistance, please contact support and
                          provide this error code.
                        type: string
                    additionalProperties: false
                required:
                  - message
                  - status
                additionalProperties: false
        '500':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    description: Error message
                    example: Internal Server Error
                  status:
                    type: integer
                    minimum: -9007199254740991
                    maximum: 9007199254740991
                    description: HTTP status code
                    example: 500
                  data:
                    type: object
                    properties:
                      code:
                        description: Error tracking code for support reference
                        example: err-abc-123
                        type: string
                      message:
                        description: Additional error details or instructions
                        example: >-
                          If you need assistance, please contact support and
                          provide this error code.
                        type: string
                    additionalProperties: false
                required:
                  - message
                  - status
                additionalProperties: false
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key authentication. Pass your API key as a Bearer token in the
        Authorization header.

````