Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tumban.com/llms.txt

Use this file to discover all available pages before exploring further.

List the organization’s API keys. Key hashes and raw values are never returned. By default the response includes only active (non-revoked) keys. Pass ?include_revoked=true to also receive revoked keys with their audit trail (revoked_at, revoked_by). 
GET /api/v2/org/api-keys

Query parameters

include_revoked
boolean
default:"false"
When true, the response also includes revoked keys.

Response

api_keys
object[]
required
List of key metadata records.

api_keys[]

key_id
string
required
Stable key identifier (key_<16-hex>). Pass this to Revoke API key.
org_id
string
required
The owning organization id.
name
string
required
The label assigned at creation.
revoked
boolean
required
false for active keys. Only true when include_revoked=true is set on the request.
created_at
string
required
When the key was created.
last_used_at
string
Timestamp of the most recent successful authentication with this key. null if the key has never been used.
created_by
string
User id of the creator, when available. null for keys created via the API.
revoked_at
string
Present on revoked keys (when include_revoked=true). ISO 8601 UTC timestamp of revocation.
revoked_by
string
Present on revoked keys (when include_revoked=true). User id of whoever revoked the key.

Examples

Active keys only (default)

curl https://api.tumban.com/api/v2/org/api-keys \
  -H "Authorization: Bearer sk_xxx"

{
  "api_keys": [
    {
      "key_id": "key_a1b2c3d4e5f6a7b8",
      "org_id": "org_2abc...",
      "name": "ci-pipeline",
      "revoked": false,
      "created_at": "2026-04-29T12:00:00",
      "last_used_at": "2026-04-29T12:34:56",
      "created_by": "user_2def..."
    }
  ]
}

Including revoked keys (audit-trail view)

curl "https://api.tumban.com/api/v2/org/api-keys?include_revoked=true" \
  -H "Authorization: Bearer sk_xxx"

{
  "api_keys": [
    {
      "key_id": "key_a1b2c3d4e5f6a7b8",
      "org_id": "org_2abc...",
      "name": "ci-pipeline",
      "revoked": false,
      "created_at": "2026-04-29T12:00:00",
      "last_used_at": "2026-04-29T12:34:56",
      "created_by": "user_2def..."
    },
    {
      "key_id": "key_old1234567890ab",
      "org_id": "org_2abc...",
      "name": "deprecated-laptop",
      "revoked": true,
      "created_at": "2026-02-10T09:14:00",
      "last_used_at": "2026-04-12T17:50:00",
      "created_by": "user_2def...",
      "revoked_at": "2026-04-15T08:00:00",
      "revoked_by": "user_2def..."
    }
  ]
}

Using the dashboard

Open API Keys in the sidebar. The Active Keys tile lists every non-revoked key for the organization, showing the key id, label, and created-at timestamp. The dashboard does not currently surface last_used_at, created_by, or the audit-trail fields — read those from this endpoint directly.