List API keys

Return your account’s active keys. Secrets are never included — only the prefix, last four characters, scope, and last-used time. GET /v1/api-keys Keys are listed account-wide, so any valid key can enumerate the account’s keys. Revoked keys are hidden, as are internal service keys (including the one authenticating this request) — you can’t list or delete the credential you’re currently using.

Query parameters

limit

integer

Page size, 1–100.

cursor

string

The nextCursor from a previous response. See Pagination.

Request

curl https://api.drin.run/v1/api-keys \
  -H "Authorization: Bearer $DRIN_API_KEY"

Response

A cursor page of key objects. senderId / senderExternalId are null for account-wide keys; lastUsedAt is null until the key has authenticated a request.

200 OK

{
  "data": [
    {
      "id": "ak_7Yq3Lm",
      "name": "production",
      "keyPrefix": "drin_a1b2c3d4e5f6",
      "last4": "1a2b",
      "senderId": null,
      "senderExternalId": null,
      "scopes": ["emails:send"],
      "lastUsedAt": "2026-06-02T09:41:00.000Z",
      "revokedAt": null,
      "createdAt": "2026-06-02T10:00:00.000Z"
    }
  ],
  "nextCursor": null
}

Secrets stay secret. The secret is only ever returned by create. The list shows keyPrefix and last4 so you can identify a key without exposing it.

Delete an API keyDELETE /v1/api-keys/{id} — revoke a key. Access is cut immediately; the row is kept for the audit trail.

​Query parameters

​Request

​Response

Query parameters

Request

Response