List API keys
https://api.triport.io/v1/keysReturn every API key on the authenticated account, including its public prefix, scopes, and status — but never the raw secret.
GET /v1/keys returns all API keys belonging to the currently signed-in
console user — both active and revoked keys — newest first. Use it to render
the key-management screen in your dashboard: each entry carries enough metadata
(name, public prefix, scopes, rate limit, last-used timestamp) to display and
manage the key without ever exposing the secret value.
This is a console endpoint, not a data-plane RPC call. It is authenticated
by the browser session cookie established at sign-in, not by an API key. There
is no Authorization: Bearer header on this request and no per-tier RPS limit
applies.
The raw key value is never returned here. A key's full secret is shown
exactly once — in the response to Create an API key — and
cannot be retrieved afterward. Every subsequent read, including this list call,
exposes only key_prefix, a short non-secret prefix you can use to visually
identify which key is which. If a user loses a key, the only path forward is to
rotate or revoke and create a new one.
Parameters
This endpoint takes no path, query, or body parameters. The account is determined entirely from the session cookie.
——optionalResponse
200 OK
idstring (UUID)namestringkey_prefixstringscopesstring[]solana:rpc, eth:rpc, stream.grpc.solana). ["*"] means all networks.rate_limitinteger0 means the account/tier default applies.statusstringactive or revoked. Revoked keys are listed for history but no longer authenticate.created_atstring (RFC 3339)last_used_atstring (RFC 3339)is_defaultbooleantrue for the account's auto-provisioned default key. The default key cannot be revoked.Errors
All errors share the envelope {"error": "<tag>"}. See errors.md
for the full reference.
| Code | Meaning | When it happens |
|---|---|---|
401 | unauthenticated | No valid session cookie. Sign in first; the stale cookie (if any) is cleared. |
405 | method_not_allowed | A verb other than GET was sent to /v1/keys for a read. |
500 | internal | Unexpected server-side error while loading keys. |
Examples
JavaScript (fetch)
// Runs in the browser against an authenticated console session.
const res = await fetch("https://api.triport.io/v1/keys", {
headers: { "Content-Type": "application/json" },
credentials: "include", // send the nl_session cookie
});
if (!res.ok) {
const { error } = await res.json();
throw new Error(`list keys failed: ${error}`);
}
const { keys } = await res.json();
for (const k of keys) {
console.log(`${k.name} (${k.key_prefix}) — ${k.status}`);
}TypeScript SDK (@triport/sdk)
import { TriportConsole } from "@triport/sdk";
// Console client authenticates with the browser session, not an API key.
const console = new TriportConsole({ baseUrl: "https://api.triport.io" });
const keys = await console.keys.list();
const active = keys.filter((k) => k.status === "active");
console.log(`${active.length} active key(s)`);Python (triport-sdk)
from triport import ConsoleClient
# Pass the session token captured at sign-in.
client = ConsoleClient(
base_url="https://api.triport.io",
session=os.environ["TRIPORT_SESSION"],
)
for key in client.keys.list():
print(f"{key.name} ({key.key_prefix}) — {key.status}")Notes
- Secrets are write-once. Only Create an API key ever returns the raw value. If you need a fresh secret for an existing key, rotate it.
- No pagination. All of an account's keys are returned in a single response; the list is small by design.
- Default key. Exactly one key is flagged
is_default. It is provisioned automatically on first sign-in and cannot be revoked — only rotated. - Scopes are public aliases. The values in
scopesare brand-neutral aliases (e.g.stream.grpc.solana); these are the same strings you pass when creating a key. See Create an API key for the full list. - Related: Create · Revoke · Rotate · Per-key endpoints · Usage.