
Endpoint

GET /api-keys
Retrieves all API keys belonging to a specific owner. This is useful for managing and auditing API keys.

Query Parameters

owner (string, required)
The owner identifier to filter API keys by. Only keys belonging to this owner will be returned.

Response

Returns an array of API key objects. Note that the actual key values are not included for security.
api_keys (array)
Array of API key objects

Example Request

curl -X GET "https://api.blnk.io/api-keys?owner=user_123abc" \
  -H "Authorization: Bearer YOUR_API_KEY"

Example Response

[
  {
    "api_key_id": "api_key_abc123def456",
    "name": "Production Server Key",
    "owner_id": "user_123abc",
    "scopes": [
      "transactions:read",
      "transactions:write",
      "balances:read"
    ],
    "expires_at": "2025-12-31T23:59:59Z",
    "created_at": "2024-03-04T12:00:00Z",
    "last_used_at": "2024-03-04T14:30:15Z",
    "is_revoked": false,
    "revoked_at": null
  },
  {
    "api_key_id": "api_key_xyz789ghi012",
    "name": "Analytics Dashboard",
    "owner_id": "user_123abc",
    "scopes": [
      "transactions:read",
      "balances:read"
    ],
    "expires_at": "2024-12-31T23:59:59Z",
    "created_at": "2024-02-01T09:00:00Z",
    "last_used_at": "2024-03-04T12:15:00Z",
    "is_revoked": false,
    "revoked_at": null
  },
  {
    "api_key_id": "api_key_old789abc012",
    "name": "Old Integration Key",
    "owner_id": "user_123abc",
    "scopes": ["admin"],
    "expires_at": "2024-06-30T23:59:59Z",
    "created_at": "2023-12-01T08:00:00Z",
    "last_used_at": "2024-02-15T10:30:00Z",
    "is_revoked": true,
    "revoked_at": "2024-03-01T10:00:00Z"
  }
]

Error Responses

error (string)
Error message describing what went wrong

Common Errors

  • 401 Unauthorized: Missing or invalid owner parameter
  • 500 Internal Server Error: Failed to retrieve API keys

Use Cases

API Key Management Dashboard

Display all API keys with their status:
const loadApiKeysDashboard = async (owner) => {
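  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();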
  
  return keys.map(key => {
    const now = new Date();
    const expiresAt = new Date(key.expires_at);
    const isExpired = now > expiresAt;
    const daysUntilExpiry = Math.ceil((expiresAt - now) / (1000 * 60 * 60 * 24));
    
    return {
      id: key.api_key_id,
      name: key.name,
      scopes: key.scopes.join(', '),
      status: key.is_revoked ? 'Revoked' : isExpired ? 'Expired' : 'Active',
      expiresIn: isExpired ? 'Expired' : `${daysUntilExpiry} days`,
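      // Format locally; show 'Never' when the key has no recorded use
      lastUsed: key.last_used_at ? new Date(key.last_used_at).toLocaleString() : 'Never'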
    };
  });
};

Find Expiring Keys

Identify API keys that will expire soon:
const findExpiringKeys = async (owner, daysThreshold = 30) => {
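  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();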
  const now = new Date();
  const threshold = new Date(now.getTime() + daysThreshold * 24 * 60 * 60 * 1000);
  
  return keys.filter(key => {
    const expiresAt = new Date(key.expires_at);
    return !key.is_revoked && expiresAt <= threshold && expiresAt > now;
  }).map(key => ({
    id: key.api_key_id,
    name: key.name,
    expiresAt: key.expires_at,
    daysRemaining: Math.ceil((new Date(key.expires_at) - now) / (1000 * 60 * 60 * 24))
  }));
};

Audit Unused Keys

Find keys that haven’t been used recently:
const findUnusedKeys = async (owner, daysInactive = 90) => {
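  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();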
  const threshold = new Date(Date.now() - daysInactive * 24 * 60 * 60 * 1000);
  
  return keys.filter(key => {
    const lastUsed = new Date(key.last_used_at);
    return !key.is_revoked && lastUsed < threshold;
  });
};

Security Audit Report

Generate a comprehensive security audit:
const generateSecurityAudit = async (owner) => {
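  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();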
  const now = new Date();
  
  const activeKeys = keys.filter(k => !k.is_revoked && new Date(k.expires_at) > now);
  const expiredKeys = keys.filter(k => !k.is_revoked && new Date(k.expires_at) <= now);
  const revokedKeys = keys.filter(k => k.is_revoked);
  const adminKeys = activeKeys.filter(k => k.scopes.includes('admin'));
  
  return {
    generated_at: new Date().toISOString(),
    owner,
    summary: {
      total: keys.length,
      active: activeKeys.length,
      expired: expiredKeys.length,
      revoked: revokedKeys.length,
      admin_keys: adminKeys.length
    },
    warnings: [
      ...expiredKeys.map(k => `Expired key not revoked: ${k.name}`),
      ...adminKeys.map(k => `Admin key in use: ${k.name}`)
    ],
    keys: keys.map(k => ({
      name: k.name,
      scopes: k.scopes,
      created: k.created_at,
      expires: k.expires_at,
      last_used: k.last_used_at,
      status: k.is_revoked ? 'revoked' : new Date(k.expires_at) <= now ? 'expired' : 'active'
    }))
  };
};

Filter by Status

Get keys by specific status:
const getActiveKeys = async (owner) => {
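  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();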
  const now = new Date();
  
  return keys.filter(key => 
    !key.is_revoked && new Date(key.expires_at) > now
  );
};

const getRevokedKeys = async (owner) => {
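  // Encode owner so its value cannot add or alter query parameters
  const response = await fetch(`https://api.blnk.io/api-keys?owner=${encodeURIComponent(owner)}`, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
  });
  // Error responses are an { error } object, not an array of keys
  if (!response.ok) throw new Error(`GET /api-keys failed with status ${response.status}`);

  const keys = await response.json();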
  return keys.filter(key => key.is_revoked);
};

Best Practices

  1. Regular audits: Review API keys monthly for security
  2. Revoke unused keys: Remove or revoke keys that haven’t been used in 90+ days
  3. Monitor admin keys: Pay special attention to keys with admin scope
  4. Track expiration: Set up alerts for keys expiring within 30 days
  5. Clean up expired keys: Revoke expired keys that are no longer needed

Security Considerations

  1. Key values not returned: For security, the actual key values are never returned in list operations
  2. Owner isolation: Keys are filtered by owner to prevent unauthorized access
  3. Audit trail: Use last_used_at to track key activity
  4. Revocation tracking: revoked_at timestamp provides audit trail for revoked keys
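
The checks listed under Best Practices and Security Considerations, applied in one pass to an already-fetched response; this is an added example, not Blnk's own code. The sample keys are constructed (modelled on the example response above, with anomalies injected), the finding names are hypothetical, and reading a last_used_at later than revoked_at as use after revocation is an assumption about how the API updates that field.

```javascript
// Added example: offline consistency and hygiene checks over a GET /api-keys body.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample: two keys adapted from the page's example response plus one
// invented key; anomalies are injected on purpose.
const sampleKeys = [
  { api_key_id: 'api_key_abc123def456', name: 'Production Server Key', owner_id: 'user_123abc',
    scopes: ['transactions:read', 'transactions:write', 'balances:read'],
    expires_at: '2025-12-31T23:59:59Z', created_at: '2024-03-04T12:00:00Z',
    last_used_at: '2024-03-04T14:30:15Z', is_revoked: false, revoked_at: null },
  { api_key_id: 'api_key_old789abc012', name: 'Old Integration Key', owner_id: 'user_123abc',
    scopes: ['admin'], expires_at: '2024-06-30T23:59:59Z', created_at: '2023-12-01T08:00:00Z',
    last_used_at: '2024-03-02T10:30:00Z', is_revoked: true, revoked_at: '2024-03-01T10:00:00Z' },
  { api_key_id: 'api_key_constructed01', name: 'Never Used Key', owner_id: 'user_999zzz',
    scopes: ['admin'], expires_at: '2024-04-01T00:00:00Z', created_at: '2023-11-01T00:00:00Z',
    last_used_at: null, is_revoked: false, revoked_at: null },
];

// Returns { api_key_id: [finding, ...] }. `now` is a parameter so results are
// reproducible; thresholds default to the 90 and 30 days from Best Practices.
function auditKeys(keys, owner, now = new Date(), { inactiveDays = 90, expiryDays = 30 } = {}) {
  const report = {};
  for (const k of keys) {
    const f = [];
    // Parse nullable timestamps explicitly: new Date(null) is 1970, not "absent".
    const expires = k.expires_at ? new Date(k.expires_at) : null;
    const revoked = k.revoked_at ? new Date(k.revoked_at) : null;
    const lastUsed = k.last_used_at ? new Date(k.last_used_at) : null;
    if (k.owner_id !== owner) f.push('owner_mismatch');            // owner isolation
    if (k.is_revoked !== (revoked !== null)) f.push('revocation_fields_inconsistent');
    if (revoked && lastUsed && lastUsed > revoked) f.push('used_after_revocation');
    if (!k.is_revoked) {
      if (expires && expires <= now) f.push('expired_not_revoked');
      else if (expires && expires - now <= expiryDays * DAY_MS) f.push('expiring_soon');
      // A never-used key is aged from its creation date instead.
      const lastActivity = lastUsed ?? new Date(k.created_at);
      if (now - lastActivity > inactiveDays * DAY_MS) f.push('inactive');
      if (k.scopes.includes('admin')) f.push('admin_scope');
    }
    report[k.api_key_id] = f;
  }
  return report;
}
```

Pass the parsed response array and the same owner value sent in the query, for example `auditKeys(keys, 'user_123abc')`.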