> ## Documentation Index
> Fetch the complete documentation index at: https://api-docs.sevalla.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List API keys

> Retrieve a paginated list of all API keys for the authenticated company. Results are ordered by creation date (newest first). Token values are masked for security.



## OpenAPI

````yaml https://api.sevalla.com/v3/openapi.json get /api-keys
openapi: 3.1.0
info:
  title: Sevalla API docs
  version: 1.0.0
servers:
  - url: https://api.sevalla.com/v3
security:
  - bearerAuth: []
paths:
  /api-keys:
    get:
      tags:
        - API Keys
      summary: List API keys
      description: >-
        Retrieve a paginated list of all API keys for the authenticated company.
        Results are ordered by creation date (newest first). Token values are
        masked for security.
      operationId: listApiKeysV3
      parameters:
        - schema:
            default: 25
            example: 25
            type: integer
            minimum: 1
            maximum: 100
          in: query
          name: limit
          required: false
          description: Maximum number of items per page
        - schema:
            default: 0
            example: 0
            type: integer
            minimum: 0
            maximum: 10000
          in: query
          name: offset
          required: false
          description: Number of items to skip
      responses:
        '200':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      type: object
                      properties:
                        id:
                          type: string
                          format: uuid
                          pattern: >-
                            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                          description: Unique identifier for the API key
                          example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                        company_id:
                          type: string
                          format: uuid
                          pattern: >-
                            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                          description: Identifier of the company that owns this API key
                          example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                        name:
                          type: string
                          minLength: 1
                          maxLength: 255
                          description: Human-readable name for the API key
                          example: My API Key
                        is_enabled:
                          type: boolean
                          description: >-
                            Whether the API key is currently active and can be
                            used for authentication
                        source:
                          type: string
                          enum:
                            - DASHBOARD
                            - CLI
                            - EXTERNAL
                            - SUPPORT_MCP
                          description: >-
                            How the API key was created - `DASHBOARD` created
                            via the web dashboard, `CLI` created via CLI,
                            `EXTERNAL` created via the API
                        masked_token:
                          type: string
                          description: >-
                            Masked version of the token showing only the first 6
                            and last 4 characters
                          example: svl_ab...wxyz
                        roles:
                          type: array
                          items:
                            type: object
                            properties:
                              id:
                                type: string
                                format: uuid
                                pattern: >-
                                  ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                                description: Unique identifier for the role
                                example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                              name:
                                type: string
                                description: Role name
                                example: COMPANY_ADMIN
                              description:
                                type: string
                                description: Human-readable description of the role
                            required:
                              - id
                              - name
                              - description
                            additionalProperties: false
                          description: Pre-defined roles assigned to this API key
                        capabilities:
                          type: array
                          items:
                            type: object
                            properties:
                              id:
                                type: string
                                format: uuid
                                pattern: >-
                                  ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
                                description: Unique identifier for the capability
                                example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                              permission:
                                type: string
                                description: Permission string in RESOURCE:ACTION format
                                example: APP:READ
                              resource_id:
                                anyOf:
                                  - type: string
                                  - type: 'null'
                                description: >-
                                  Optional resource ID this capability is scoped
                                  to. Null means access to all resources
                                example: fb5e5168-4281-4bec-94c5-0d1584e9e657
                            required:
                              - id
                              - permission
                              - resource_id
                            additionalProperties: false
                          description: Granular capabilities assigned to this API key
                        last_used_at:
                          anyOf:
                            - type: string
                              format: date-time
                              pattern: >-
                                ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                            - type: 'null'
                          description: >-
                            Timestamp when the API key was last used for
                            authentication, in ISO 8601 format
                          example: '2024-01-01T00:00:00.000Z'
                        expired_at:
                          anyOf:
                            - type: string
                              format: date-time
                              pattern: >-
                                ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                            - type: 'null'
                          description: >-
                            Timestamp when the API key expires, in ISO 8601
                            format. Null means no expiration
                          example: '2025-01-01T00:00:00.000Z'
                        old_token_expired_at:
                          anyOf:
                            - type: string
                              format: date-time
                              pattern: >-
                                ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                            - type: 'null'
                          description: >-
                            Timestamp when the previous token expires during
                            rotation, in ISO 8601 format. Null if no rotation is
                            in progress
                          example: '2024-01-02T00:00:00.000Z'
                        created_at:
                          type: string
                          format: date-time
                          pattern: >-
                            ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                          description: >-
                            Timestamp when the API key was created, in ISO 8601
                            format
                          example: '2024-01-01T00:00:00.000Z'
                        updated_at:
                          type: string
                          format: date-time
                          pattern: >-
                            ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
                          description: >-
                            Timestamp when the API key was last updated, in ISO
                            8601 format
                          example: '2024-01-01T00:00:00.000Z'
                      required:
                        - id
                        - company_id
                        - name
                        - is_enabled
                        - source
                        - masked_token
                        - roles
                        - capabilities
                        - last_used_at
                        - expired_at
                        - old_token_expired_at
                        - created_at
                        - updated_at
                      additionalProperties: false
                    description: List of items
                  total:
                    type: integer
                    minimum: 0
                    maximum: 10000
                    description: Total number of items matching the query
                    example: 42
                  offset:
                    type: integer
                    minimum: 0
                    maximum: 10000
                    description: Current pagination offset
                    example: 0
                  limit:
                    type: integer
                    minimum: 1
                    maximum: 100
                    description: Current pagination limit
                    example: 25
                required:
                  - data
                  - total
                  - offset
                  - limit
                additionalProperties: false
        '401':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    description: Error message
                    example: Unauthorized
                  status:
                    type: integer
                    minimum: -9007199254740991
                    maximum: 9007199254740991
                    description: HTTP status code
                    example: 401
                  data:
                    type: object
                    properties:
                      code:
                        description: Error tracking code for support reference
                        example: err-abc-123
                        type: string
                      message:
                        description: Additional error details or instructions
                        example: >-
                          If you need assistance, please contact support and
                          provide this error code.
                        type: string
                    additionalProperties: false
                required:
                  - message
                  - status
                additionalProperties: false
        '403':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    description: Error message
                    example: Forbidden
                  status:
                    type: integer
                    minimum: -9007199254740991
                    maximum: 9007199254740991
                    description: HTTP status code
                    example: 403
                  data:
                    type: object
                    properties:
                      code:
                        description: Error tracking code for support reference
                        example: err-abc-123
                        type: string
                      message:
                        description: Additional error details or instructions
                        example: >-
                          If you need assistance, please contact support and
                          provide this error code.
                        type: string
                    additionalProperties: false
                required:
                  - message
                  - status
                additionalProperties: false
        '500':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  message:
                    type: string
                    description: Error message
                    example: Internal Server Error
                  status:
                    type: integer
                    minimum: -9007199254740991
                    maximum: 9007199254740991
                    description: HTTP status code
                    example: 500
                  data:
                    type: object
                    properties:
                      code:
                        description: Error tracking code for support reference
                        example: err-abc-123
                        type: string
                      message:
                        description: Additional error details or instructions
                        example: >-
                          If you need assistance, please contact support and
                          provide this error code.
                        type: string
                    additionalProperties: false
                required:
                  - message
                  - status
                additionalProperties: false
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key authentication. Pass your API key as a Bearer token in the
        Authorization header.

````