List all API keys
Returns all API keys for the current organization. Key secrets are masked and only shown once at creation time.
Authorization
Bearer JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
The tenant identifier
Query Parameters
Filter by origin. ALL (default) returns every key;
OWNED returns keys minted by users (USER + CLI);
SYSTEM returns auto-minted keys (WEBHOOK, CONNECTOR,
ASSET_WEBHOOK).
"UNSPECIFIED" | "ALL" | "OWNED" | "SYSTEM"Response Body
curl -X GET "https://api.fruxon.com/v1/tenants/string/tokens"[
{
"id": "00000000-0000-0000-0000-000000000000",
"name": "string",
"keyPrefix": "string",
"type": "USER",
"scopes": [
"string"
],
"createdBy": "string",
"createdAt": 0,
"modifiedAt": 0,
"expiresAt": 0,
"revokedAt": 0,
"lastUsedAt": 0,
"binding": {
"kind": "string",
"kindLabel": "string",
"resourceId": "string",
"resourceLabel": "string"
}
}
]{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}Rotate a service account's credential.
Mints a fresh API key for the service account and revokes its other active keys. Zero-downtime — the new key is live before the old ones are retired. The new key's plaintext secret is returned once.
Page through request activity for an API key.
Returns a page of request events newest-first — one per authenticated HTTP call made with the key — plus a `nextPageToken` the caller replays to fetch older events. Each event carries the method, route, status code and latency, so the dashboard can answer "what endpoints is this key calling, how often, and are the calls succeeding?". Distinct from `/auditEvents`, which is the key's security lifecycle (mint / rotate / revoke). This is the usage stream and is high-volume, hence cursor pagination rather than a flat list.