> ## Documentation Index
> Fetch the complete documentation index at: https://docs.xquik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List API keys

> Retrieve all API keys for your account with status and usage timestamps

<blockquote className="agent-llms-directive">
  For the complete documentation index, see <a href="/llms.txt">llms.txt</a>.
</blockquote>

<Callout icon="circle-check" color="#16a34a">
  **Free** - does not consume credits
</Callout>

<CodeGroup>
  ```bash cURL theme={null}
  curl https://xquik.com/api/v1/api-keys \
    -H "Cookie: session_token=YOUR_SESSION_TOKEN" | jq
  ```

  ```javascript Node.js theme={null}
  const response = await fetch("https://xquik.com/api/v1/api-keys", {
    headers: { "Cookie": "session_token=YOUR_SESSION_TOKEN" },
  });
  const data = await response.json();
  console.log(data.keys);
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      "https://xquik.com/api/v1/api-keys",
      cookies={"session_token": "YOUR_SESSION_TOKEN"},
  )
  data = response.json()
  print(data["keys"])
  ```

  ```go Go theme={null}
  package main

  import (
  	"fmt"
  	"io"
  	"log"
  	"net/http"
  )

  func main() {
  	req, err := http.NewRequest("GET", "https://xquik.com/api/v1/api-keys", nil)
  	if err != nil {
  		log.Fatal(err)
  	}
  	req.AddCookie(&http.Cookie{Name: "session_token", Value: "YOUR_SESSION_TOKEN"})

  	resp, err := http.DefaultClient.Do(req)
  	if err != nil {
  		log.Fatal(err)
  	}
  	defer resp.Body.Close()

  	body, err := io.ReadAll(resp.Body)
  	if err != nil {
  		log.Fatal(err)
  	}
  	fmt.Println(string(body))
  }
  ```
</CodeGroup>

## Headers

<ParamField header="Cookie" type="string">
  Dashboard session cookie. Format: `session_token=YOUR_SESSION_TOKEN`.
</ParamField>

<ParamField header="x-api-key" type="string">
  API key for the same account. Use this instead of `Cookie` for server-to-server management.
</ParamField>

<ParamField header="Authorization" type="string">
  OAuth bearer token for the same account. Format: `Bearer YOUR_TOKEN`.
</ParamField>

## Response

<Tabs>
  <Tab title="200 OK">
    <ResponseField name="keys" type="array">
      Array of API key objects.

      <Expandable title="key object">
        <ResponseField name="id" type="string">
          Unique identifier for the API key.
        </ResponseField>

        <ResponseField name="name" type="string">
          Display name of the key.
        </ResponseField>

        <ResponseField name="prefix" type="string">
          First 8 characters of the key including the `xq_` prefix (e.g. `"xq_a1b2"`).
        </ResponseField>

        <ResponseField name="isActive" type="boolean">
          Whether the key is currently active.
        </ResponseField>

        <ResponseField name="createdAt" type="string">
          ISO 8601 creation timestamp.
        </ResponseField>

        <ResponseField name="lastUsedAt" type="string">
          ISO 8601 timestamp of the last API call made with this key. Omitted if never used.
        </ResponseField>
      </Expandable>
    </ResponseField>

    ```json theme={null}
    {
      "keys": [
        {
          "id": "42",
          "name": "Production",
          "prefix": "xq_a1b2",
          "isActive": true,
          "createdAt": "2026-02-24T10:30:00.000Z",
          "lastUsedAt": "2026-02-24T18:45:12.000Z"
        },
        {
          "id": "43",
          "name": "Staging",
          "prefix": "xq_c3d4",
          "isActive": true,
          "createdAt": "2026-02-20T09:00:00.000Z"
        }
      ]
    }
    ```
  </Tab>

  <Tab title="401 Unauthenticated">
    ```json theme={null}
    { "error": "unauthenticated" }
    ```

    Missing or invalid session cookie, API key, or bearer token.
  </Tab>

  <Tab title="429 Rate Limited">
    ```json theme={null}
    { "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 1 }
    ```

    Too many requests. Wait for the `Retry-After` header before retrying.
  </Tab>
</Tabs>

<Note>
  Use a dashboard session cookie to inspect keys from the dashboard, or an API key or OAuth bearer token to automate key inventory for the same account.

  **Related:** [Create API Key](/api-reference/api-keys/create) · [Revoke API Key](/api-reference/api-keys/revoke)
</Note>
