> ## Documentation Index
> Fetch the complete documentation index at: https://devkit4ai.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# List Developer Keys

> List all developer keys for the current developer user.

Retrieve all active developer keys for the authenticated developer account. This endpoint returns key metadata including usage timestamps and identification prefixes, but never returns the full key values.

## Authentication

Requires valid JWT token with `developer` role and an active developer key.

## Headers

<ParamField header="Authorization" type="string" required>
  Bearer JWT access token obtained from login
</ParamField>

<ParamField header="X-User-Role" type="string" required>
  Must be set to `developer`
</ParamField>

<ParamField header="X-Developer-Key" type="string" required>
  Active developer key for authentication (format: `ak_` + 32 characters)
</ParamField>

## Response

Returns an array of developer key objects without the full key values.

<ResponseField name="[].id" type="string">
  Unique identifier (UUID) for the developer key
</ResponseField>

<ResponseField name="[].name" type="string">
  Descriptive name assigned to the key (e.g., "Production API", "Staging Environment")
</ResponseField>

<ResponseField name="[].key_prefix" type="string">
  First 8 characters of the key for identification (e.g., `ak_abc12`)
</ResponseField>

<ResponseField name="[].is_active" type="boolean">
  Key status - only active keys are returned by this endpoint
</ResponseField>

<ResponseField name="[].last_used_at" type="string" nullable>
  ISO 8601 timestamp of the most recent API request using this key. Returns `null` if the key has never been used.
</ResponseField>

<ResponseField name="[].created_at" type="string">
  ISO 8601 timestamp when the key was created
</ResponseField>

## Example Request

```bash theme={null}
curl -X GET https://api.vibecoding.ad/api/v1/auth/developer-keys \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "X-User-Role: developer" \
  -H "X-Developer-Key: ak_abc123XYZ-_789def456ghi012jkl345"
```

## Example Response

```json theme={null}
[
  {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Production API",
    "key_prefix": "ak_abc12",
    "is_active": true,
    "last_used_at": "2025-12-07T09:15:00Z",
    "created_at": "2025-12-01T10:30:00Z"
  },
  {
    "id": "660e8400-e29b-41d4-a716-446655440001",
    "name": "Staging Environment",
    "key_prefix": "ak_xyz78",
    "is_active": true,
    "last_used_at": null,
    "created_at": "2025-12-05T14:20:00Z"
  },
  {
    "id": "770e8400-e29b-41d4-a716-446655440002",
    "name": "Development Key",
    "key_prefix": "ak_dev99",
    "is_active": true,
    "last_used_at": "2025-12-08T14:30:00Z",
    "created_at": "2025-11-15T08:00:00Z"
  }
]
```

## Use Cases

### Key Management Dashboard

Display all developer keys with usage statistics:

```typescript theme={null}
async function fetchDeveloperKeys(
  jwtToken: string,
  developerKey: string
): Promise<DeveloperKey[]> {
  const response = await fetch(
    'https://api.vibecoding.ad/api/v1/auth/developer-keys',
    {
      headers: {
        'Authorization': `Bearer ${jwtToken}`,
        'X-User-Role': 'developer',
        'X-Developer-Key': developerKey
      }
    }
  );
  
  if (!response.ok) {
    throw new Error('Failed to fetch developer keys');
  }
  
  return response.json();
}
```

(((REPLACE\_THIS\_WITH\_IMAGE: cloud-admin-developer-keys-list.png: Cloud Admin console showing list of developer keys with names, prefixes, last used timestamps, and action buttons)))

### Identify Unused Keys

Find keys that haven't been used recently for rotation:

```typescript theme={null}
function getUnusedKeys(keys: DeveloperKey[], daysSinceUse: number = 90) {
  const cutoffDate = new Date();
  cutoffDate.setDate(cutoffDate.getDate() - daysSinceUse);
  
  return keys.filter(key => {
    if (!key.last_used_at) return true; // Never used
    return new Date(key.last_used_at) < cutoffDate;
  });
}
```

### Key Rotation Workflow

Implement automated key rotation:

```typescript theme={null}
async function rotateOldKeys(
  jwtToken: string,
  developerKey: string,
  maxAgeDays: number = 90
) {
  // List all keys
  const keys = await fetchDeveloperKeys(jwtToken, developerKey);
  
  // Find keys older than maxAgeDays
  const oldKeys = keys.filter(key => {
    const created = new Date(key.created_at);
    const age = Date.now() - created.getTime();
    return age > maxAgeDays * 24 * 60 * 60 * 1000;
  });
  
  // Create new keys and revoke old ones
  for (const oldKey of oldKeys) {
    console.log(`Key ${oldKey.key_prefix} is ${Math.floor((Date.now() - new Date(oldKey.created_at).getTime()) / (24 * 60 * 60 * 1000))} days old`);
    // Implementation continues with create and revoke...
  }
}
```

## Security Considerations

<Note>
  The `last_used_at` timestamp is updated asynchronously and may have a delay of up to 1 minute. Use this for monitoring and auditing, not for real-time access control.
</Note>

### Best Practices

1. **Regular Audits**: Review keys monthly to identify unused or unnecessary keys
2. **Monitor Usage**: Track `last_used_at` to detect suspicious activity or compromised keys
3. **Name Convention**: Use consistent naming (e.g., "Production", "Staging", "CI/CD Pipeline")
4. **Limit Active Keys**: Keep only necessary keys active to minimize attack surface

## Error Responses

### Unauthorized (401)

```json theme={null}
{
  "detail": "Could not validate credentials"
}
```

Missing or invalid JWT token.

### Forbidden (403)

```json theme={null}
{
  "detail": "Insufficient permissions"
}
```

User role is not `developer` or developer key is invalid.

## Related Pages

<CardGroup cols={2}>
  <Card title="Create Developer Key" icon="plus" href="/cloud-api/auth/create-developer-key">
    Generate new developer keys
  </Card>

  <Card title="Revoke Developer Key" icon="ban" href="/cloud-api/auth/revoke-developer-key">
    Deactivate compromised or unused keys
  </Card>

  <Card title="Key Management Guide" icon="book" href="/cloud-admin/api-keys/creating-developer-keys">
    Cloud Admin UI workflow
  </Card>

  <Card title="Security Best Practices" icon="shield" href="/cloud-admin/api-keys/security-practices">
    Key rotation and security guidelines
  </Card>
</CardGroup>


## OpenAPI

````yaml GET /api/v1/auth/developer-keys
openapi: 3.1.0
info:
  title: Dev Kit for AI API
  description: 'API for Dev Kit for AI: Developer Toolkit for AI-Powered Web Applications'
  version: 1.6.1
servers:
  - url: https://api.devkit4ai.com
    description: Dev Kit for AI Production Server
  - url: https://api.vibecoding.ad
    description: Vibe Coding Production Server
security: []
paths:
  /api/v1/auth/developer-keys:
    get:
      tags:
        - Authentication
      summary: List Developer Keys
      description: List all developer keys for the current developer user.
      operationId: list_developer_keys_api_v1_auth_developer_keys_get
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/DeveloperKeyResponse'
                type: array
                title: Response List Developer Keys Api V1 Auth Developer Keys Get
      security:
        - OAuth2PasswordBearer: []
components:
  schemas:
    DeveloperKeyResponse:
      properties:
        id:
          type: string
          format: uuid
          title: Id
        name:
          anyOf:
            - type: string
            - type: 'null'
          title: Name
        key_prefix:
          type: string
          title: Key Prefix
        is_active:
          type: boolean
          title: Is Active
        last_used_at:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Last Used At
        created_at:
          type: string
          format: date-time
          title: Created At
      type: object
      required:
        - id
        - name
        - key_prefix
        - is_active
        - last_used_at
        - created_at
      title: DeveloperKeyResponse
      description: Response payload for developer key (without full key)
  securitySchemes:
    OAuth2PasswordBearer:
      type: oauth2
      flows:
        password:
          scopes: {}
          tokenUrl: auth/login

````