GET /api/keys
List the authenticated user's CLI API keys — metadata only, never the raw secret. A web-session-scoped Settings route.
Key management is a web Settings surface (Settings → API keys). This route backs that page; there’s no dedicated CLI command for it.
Lists the authenticated user’s CLI API keys — metadata only, never the raw secret. Better Auth’s apiKey plugin owns the underlying table; the route resolves the session from the request and re-checks ownership on referenceId.
Endpoint
GET https://scripto.codika.io/api/keys
Auth
Session (web). As defense in depth, the route also re-checks key ownership against the resolved user.
Response (200)
```json
{
  "success": true,
  "data": {
    "keys": [
      {
        "id": "key_…",
        "name": "scripto-cli",
        "prefix": "scripto_",
        "start": "scripto_ab",
        "createdAt": "2026-06-20T10:00:00.000Z",
        "expiresAt": null
      }
    ]
  }
}
```
The raw key value is never in this response — it’s only returned once, at creation.
Errors
| HTTP | code | Cause |
|---|---|---|
| 401 | unauthenticated | Not signed in. |
| 500 | internal | Backend error. |
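The session check, the ownership re-check on referenceId and the metadata-only projection described on this page, as an added JavaScript sketch (not Scripto's or Better Auth's code). The stored row shape, the `key` column name, the session shape and the error body layout are assumptions.

```javascript
// Added illustration; row shape, session shape and error bodies are assumed.
// Assumed stored row: the metadata fields shown in the response, plus
// `referenceId` (owner) and `key` (stored secret material, never returned).
const PUBLIC_FIELDS = ["id", "name", "prefix", "start", "createdAt", "expiresAt"];

// Allow-list projection: a column added to the table later is not
// serialized by accident, unlike a deny-list that deletes `key`.
function toMetadata(row) {
  const out = {};
  for (const field of PUBLIC_FIELDS) out[field] = row[field] ?? null;
  return out;
}

// session: { user: { id } } or null (hypothetical shape).
// rows: whatever the storage layer returned for this request.
function listKeysResponse(session, rows) {
  if (!session || !session.user || !session.user.id) {
    return { status: 401, body: { success: false, code: "unauthenticated" } };
  }
  try {
    const keys = rows
      // Ownership re-check: do not trust that the query was scoped correctly.
      .filter((row) => row.referenceId === session.user.id)
      .map(toMetadata);
    return { status: 200, body: { success: true, data: { keys } } };
  } catch (err) {
    // No backend detail is echoed to the client.
    return { status: 500, body: { success: false, code: "internal" } };
  }
}

// Constructed sample rows: one owned by user_a, one by user_b.
const SAMPLE_ROWS = [
  { id: "key_1", name: "scripto-cli", prefix: "scripto_", start: "scripto_ab",
    createdAt: "2026-06-20T10:00:00.000Z", expiresAt: null,
    referenceId: "user_a", key: "stored-secret-placeholder" },
  { id: "key_2", name: "ci", prefix: "scripto_", start: "scripto_zz",
    createdAt: "2026-06-21T10:00:00.000Z", expiresAt: null,
    referenceId: "user_b", key: "stored-secret-placeholder" },
];

const demo = listKeysResponse({ user: { id: "user_a" } }, SAMPLE_ROWS);
console.log(JSON.stringify(demo, null, 2));
```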
Next
- POST /api/keys — mint a key.
- DELETE /api/keys/[id] — revoke a key.
- API keys — the policy.