API Keys
List API Keys
List the API keys for your account or organization.
GET /api/auth/api-key/listReturns all API keys owned by the authenticated user, or by a specific organization.
This endpoint authenticates with your logged-in dashboard session, not an API key. Send your session cookie with the request.
Query Parameters
Prop
Type
Response
Prop
Type
ApiKey Object
Prop
Type
curl -X GET "https://app.rybbit.io/api/auth/api-key/list?limit=20" \
-H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN"const response = await fetch(
'https://app.rybbit.io/api/auth/api-key/list?limit=20',
{
method: 'GET',
credentials: 'include'
}
);
const data = await response.json();import requests
response = requests.get(
'https://app.rybbit.io/api/auth/api-key/list?limit=20',
headers={
'Cookie': 'better-auth.session_token=YOUR_SESSION_TOKEN'
}
)
data = response.json()$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://app.rybbit.io/api/auth/api-key/list?limit=20");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Cookie: better-auth.session_token=YOUR_SESSION_TOKEN'
]);
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);require 'net/http'
require 'json'
uri = URI("https://app.rybbit.io/api/auth/api-key/list?limit=20")
req = Net::HTTP::Get.new(uri)
req['Cookie'] = 'better-auth.session_token=YOUR_SESSION_TOKEN'
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
data = JSON.parse(res.body)req, _ := http.NewRequest("GET", "https://app.rybbit.io/api/auth/api-key/list?limit=20", nil)
req.Header.Set("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
var data map[string]interface{}
json.NewDecoder(resp.Body).Decode(&data)let client = reqwest::Client::new();
let res = client
.get("https://app.rybbit.io/api/auth/api-key/list?limit=20")
.header("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
.send()
.await?;
let data: serde_json::Value = res.json().await?;HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://app.rybbit.io/api/auth/api-key/list?limit=20"))
.header("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());using var client = new HttpClient();
client.DefaultRequestHeaders.Add("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN");
var response = await client.GetAsync("https://app.rybbit.io/api/auth/api-key/list?limit=20");
var data = await response.Content.ReadAsStringAsync();The secret key value is only returned once, at creation. This endpoint returns the non-secret
start/prefix for display, never the full key.{
"apiKeys": [
{
"id": "key_8f3a1b2c4d5e6f7g",
"name": "CI pipeline",
"start": "rybbit_sk_live_xxxx",
"prefix": "rybbit_sk_live_",
"userId": "user_2a9b8c7d6e5f4g3h",
"enabled": true,
"expiresAt": "2026-07-25T12:00:00.000Z",
"createdAt": "2026-06-25T12:00:00.000Z",
"updatedAt": "2026-06-25T12:00:00.000Z",
"rateLimitEnabled": true,
"rateLimitMax": 200,
"rateLimitTimeWindow": 60000,
"requestCount": 42,
"remaining": null,
"lastRequest": "2026-06-25T13:30:00.000Z",
"metadata": null,
"permissions": null
}
],
"total": 1,
"limit": 20,
"offset": 0
}