keys

Get API key

Retrieve detailed key information for dashboard interfaces and administrative purposes.

Use this to build key management dashboards showing users their key details, status, permissions, and usage data. You can identify keys by keyId or the actual key string.

Important: Set decrypt: true only in secure contexts to retrieve plaintext key values from recoverable keys.

Required Permissions

Your root key must have one of the following permissions for basic key information:

api.*.read_key (to read keys from any API)
api.<api_id>.read_key (to read keys from a specific API)

Additional permission required for decrypt functionality:

api.*.decrypt_key or api.<api_id>.decrypt_key

POST

keys.getKey

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.GetKey(ctx, components.V2KeysGetKeyRequestBody{
        KeyID: "key_1234abcd",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysGetKeyResponseBody != nil {
        // handle response
    }
}

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "keyId": "key_1234567890abcdef",
    "start": "sk_test_abc123",
    "enabled": true,
    "name": "Production API Key",
    "meta": null,
    "createdAt": 1701425400000,
    "updatedAt": 1701425400000,
    "expires": 1735689600000,
    "permissions": [
      "documents.read",
      "documents.write"
    ],
    "roles": [
      "editor",
      "viewer"
    ],
    "credits": {
      "remaining": 1000,
      "refill": {
        "interval": "daily",
        "amount": 1000,
        "refillDay": 15
      }
    },
    "identity": {
      "id": "<string>",
      "externalId": "<string>",
      "meta": {},
      "ratelimits": [
        {
          "id": "rl_1234567890abcdef",
          "name": "api_requests",
          "limit": 1000,
          "duration": 3600000,
          "autoApply": true
        }
      ]
    },
    "plaintext": "sk_test_abc123def456",
    "ratelimits": [
      {
        "id": "rl_1234567890abcdef",
        "name": "api_requests",
        "limit": 1000,
        "duration": 3600000,
        "autoApply": true
      }
    ]
  }
}

Authorizations

Authorization

string

header

required

Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:

Authorization: Bearer unkey_123

Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api). Security best practices:

Keep root keys secure and never expose them in client-side code
Use different root keys for different environments
Rotate keys periodically, especially after team member departures
Create keys with minimal necessary permissions following least privilege principle
Monitor key usage with audit logs.

Body

application/json

Response

200

application/json

Successfully retrieved key information. When decrypt: true, includes plaintext key value for recoverable keys.

The response is of type object.

Remove key permissionsRemove permissions from a key without affecting existing roles or other permissions. Use this for privilege downgrades, removing temporary access, or plan changes that revoke specific capabilities. Permissions granted through roles remain unchanged. **Important**: Changes take effect immediately with up to 30-second edge propagation. **Required Permissions** Your root key must have one of the following permissions: - `api.*.update_key` (to update keys in any API) - `api.<api_id>.update_key` (to update keys in a specific API) **Side Effects** Invalidates the key cache for immediate effect, and makes permission changes available for verification within 30 seconds across all regions.

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.GetKey(ctx, components.V2KeysGetKeyRequestBody{
        KeyID: "key_1234abcd",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysGetKeyResponseBody != nil {
        // handle response
    }
}

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "keyId": "key_1234567890abcdef",
    "start": "sk_test_abc123",
    "enabled": true,
    "name": "Production API Key",
    "meta": null,
    "createdAt": 1701425400000,
    "updatedAt": 1701425400000,
    "expires": 1735689600000,
    "permissions": [
      "documents.read",
      "documents.write"
    ],
    "roles": [
      "editor",
      "viewer"
    ],
    "credits": {
      "remaining": 1000,
      "refill": {
        "interval": "daily",
        "amount": 1000,
        "refillDay": 15
      }
    },
    "identity": {
      "id": "<string>",
      "externalId": "<string>",
      "meta": {},
      "ratelimits": [
        {
          "id": "rl_1234567890abcdef",
          "name": "api_requests",
          "limit": 1000,
          "duration": 3600000,
          "autoApply": true
        }
      ]
    },
    "plaintext": "sk_test_abc123def456",
    "ratelimits": [
      {
        "id": "rl_1234567890abcdef",
        "name": "api_requests",
        "limit": 1000,
        "duration": 3600000,
        "autoApply": true
      }
    ]
  }
}

Introduction

Endpoints

Get API key

Authorizations

Body

Response