List service accounts.
Returns every service account in the tenant. Secrets are never included — a service account's credentials are ordinary API keys minted through the provision / rotate endpoints, and the plaintext is shown only once at mint time.
Authorization
Bearer JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
The tenant identifier
Response Body
curl -X GET "https://api.fruxon.com/v1/tenants/string/serviceAccounts"{
"items": [
{
"id": "00000000-0000-0000-0000-000000000000",
"name": "string",
"description": "string",
"scopes": [
"string"
],
"isActive": false,
"createdBy": "string",
"createdAt": 0,
"modifiedAt": 0,
"revokedAt": 0
}
],
"nextPageToken": "string",
"totalCount": 0
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}Handles an inbound webhook call authenticated via HMAC signature verification
Variant of `POST WebhookInbound` for providers that sign payloads (Stripe, GitHub, Slack, etc.) — the route does not act as a credential, and instead the provider-specific signature header is verified against the secret stored on the webhook. A failed verification returns 401; a successful one dispatches to subscribers identically to the API-key flow, returning the provider's expected ack body or 204. Anonymous endpoint, since the signature is the authentication.
List a service account's lifecycle audit events.
Returns the provisioned / rotated / revoked / used-while-revoked events for the service account, newest-first. This is the compliance-grade lifecycle trail of the principal; per-request activity for its keys lives under the API-key activity surface.