List keys from logged-in browser

const r = await fetch('/api/v1/keys', { credentials: 'include' });
const { data } = await r.json();
data.forEach(k => console.log(`${k.key_prefix}: ${k.name} (${k.tier})`));

{
  "data": [
    {
      "id": "00000000-0000-4000-8000-000000000123",
      "key_prefix": "sk_live_zIc8",
      "name": "Production SIEM",
      "tier": "pro",
      "scopes": [
        "read:iocs",
        "read:articles",
        "read:articles:export",
        "read:stix"
      ],
      "total_requests": 142587,
      "last_used_at": "2026-05-17T09:42:11Z",
      "created_at": "2026-01-15T10:00:00Z",
      "expires_at": null,
      "revoked_at": null
    },
    {
      "id": "00000000-0000-4000-8000-000000000456",
      "key_prefix": "sk_live_aB3x",
      "name": "Dev sandbox",
      "tier": "free",
      "scopes": [
        "read:iocs",
        "read:articles"
      ],
      "total_requests": 234,
      "last_used_at": "2026-05-16T18:30:00Z",
      "created_at": "2026-05-10T08:00:00Z",
      "expires_at": "2026-08-10T08:00:00Z",
      "revoked_at": null
    }
  ],
  "meta": {
    "total": 2
  }
}

API Keys

List your API keys

Returns all API keys belonging to the authenticated user. Used by the SOC Defenders dashboard to populate the key-management UI.

Auth: Session cookie (browser), not Bearer token. Hit this from a logged-in fetch — programmatic Bearer access is not allowed for the keys endpoints (chicken-and-egg).

Each list item includes the key prefix (e.g. sk_live_zIc8) but not the full secret — full keys are only ever shown once at creation time. Use the prefix to identify keys in your code or telemetry.

GET

api

keys

List keys from logged-in browser

const r = await fetch('/api/v1/keys', { credentials: 'include' });
const { data } = await r.json();
data.forEach(k => console.log(`${k.key_prefix}: ${k.name} (${k.tier})`));

{
  "data": [
    {
      "id": "00000000-0000-4000-8000-000000000123",
      "key_prefix": "sk_live_zIc8",
      "name": "Production SIEM",
      "tier": "pro",
      "scopes": [
        "read:iocs",
        "read:articles",
        "read:articles:export",
        "read:stix"
      ],
      "total_requests": 142587,
      "last_used_at": "2026-05-17T09:42:11Z",
      "created_at": "2026-01-15T10:00:00Z",
      "expires_at": null,
      "revoked_at": null
    },
    {
      "id": "00000000-0000-4000-8000-000000000456",
      "key_prefix": "sk_live_aB3x",
      "name": "Dev sandbox",
      "tier": "free",
      "scopes": [
        "read:iocs",
        "read:articles"
      ],
      "total_requests": 234,
      "last_used_at": "2026-05-16T18:30:00Z",
      "created_at": "2026-05-10T08:00:00Z",
      "expires_at": "2026-08-10T08:00:00Z",
      "revoked_at": null
    }
  ],
  "meta": {
    "total": 2
  }
}

Authorizations

sb-access-token

string

required

Session cookie (for API key management endpoints)

Response

Array of API key metadata. Full key secrets are never returned here.

data

object[]

Show child attributes

Overview

IOC Endpoints

Articles Endpoints

TAXII 2.1

IOCs

Statistics

Export Formats

Detection Rules

Lookup

API Keys

TAXII

Articles

List your API keys

Authorizations

Response

Overview

IOC Endpoints

Articles Endpoints

TAXII 2.1

IOCs

Statistics

Export Formats

Detection Rules

Lookup

API Keys

TAXII

Articles

Documentation Index

Authorizations

Response