Skip to main content
GET
http://localhost:5001
/
api-keys
curl --request GET \
  --url 'http://localhost:5001/api-keys?owner=owner_id' \
  --header 'X-blnk-key: <api-key>'

[
  {
    "api_key_id": "key_abc123def456",
    "name": "Service Account",
    "owner_id": "owner_id",
    "scopes": ["ledgers:read", "balances:write"],
    "expires_at": "2026-03-11T00:00:00Z",
    "created_at": "2024-01-15T10:30:00Z",
    "last_used_at": "2024-01-20T14:30:00Z"
  },
  {
    "api_key_id": "key_xyz789uvw012",
    "name": "Production API",
    "owner_id": "owner_id",
    "scopes": ["*:*"],
    "expires_at": "0001-01-01T00:00:00Z",
    "created_at": "2024-01-10T08:20:00Z",
    "last_used_at": "2024-01-19T10:15:00Z"
  }
]

Overview

List all API keys for a specific owner. The owner query parameter is required—you cannot retrieve API keys without specifying the owner identifier. Use this endpoint to audit and manage your API keys. Note that the actual API key value is not returned for security reasons.
Available on version 0.10.1 or later. Requires master key authentication (the server.secret_key from your configuration).

Authorization

If set, the API uses an API key for authentication. Include the following header in your requests: X-blnk-key: <api-key>. Replace <api-key> with your secret API key. Ensure the key is kept secure and not exposed in public repositories or client-side code. See also: Secure your Blnk server

Query Parameters

owner
string
required
Unique identifier of the owner. This parameter is required—the request will fail with a 401 Unauthorized error if omitted. Use the same owner identifier that was provided when creating the API keys.

Response

Returns an array of API key objects. Note that the actual key value is not returned for security reasons.
api_key_id
string
Unique identifier for the API key.
name
string
The name of the API key.
owner_id
string
The owner identifier associated with the API key.
scopes
array
List of permissions granted to the API key.
expires_at
string
The expiration date and time for the API key in ISO 8601 format.
created_at
string
ISO 8601 formatted timestamp of when the API key was created.
last_used_at
string
ISO 8601 formatted timestamp of when the API key was last used for authentication.
curl --request GET \
  --url 'http://localhost:5001/api-keys?owner=owner_id' \
  --header 'X-blnk-key: <api-key>'

[
  {
    "api_key_id": "key_abc123def456",
    "name": "Service Account",
    "owner_id": "owner_id",
    "scopes": ["ledgers:read", "balances:write"],
    "expires_at": "2026-03-11T00:00:00Z",
    "created_at": "2024-01-15T10:30:00Z",
    "last_used_at": "2024-01-20T14:30:00Z"
  },
  {
    "api_key_id": "key_xyz789uvw012",
    "name": "Production API",
    "owner_id": "owner_id",
    "scopes": ["*:*"],
    "expires_at": "0001-01-01T00:00:00Z",
    "created_at": "2024-01-10T08:20:00Z",
    "last_used_at": "2024-01-19T10:15:00Z"
  }
]
The actual api_key value is not returned for security reasons. If you need to view or regenerate the key value, you’ll need to create a new API key.

Need help?

We are very happy to help you make the most of Blnk, regardless of whether it is your first time or you are switching from another tool. To ask questions or discuss issues, please contact us or join our Discord community.
Tip: Connect to Blnk Cloud to see your Core data.You can view your transactions, manage identities, create custom reports, invite other team members to collaborate, and perform operations on your Core — all in one dashboard.Check out Blnk Cloud →