Skip to main content
GET
/
api
/
api-keys
List current user's API keys
curl --request GET \
  --url https://mcp.echozero.app/api/api-keys \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "data": {
    "items": [
      {
        "id": "<string>",
        "name": "<string>",
        "keyPrefix": "<string>",
        "scopes": [],
        "createdAt": "2023-11-07T05:31:56Z",
        "lastUsedAt": "2023-11-07T05:31:56Z",
        "expiresAt": "2023-11-07T05:31:56Z"
      }
    ],
    "pagination": {
      "total": 123,
      "limit": 123,
      "page": 123,
      "totalPages": 123,
      "hasNextPage": true,
      "hasPreviousPage": true
    }
  }
}

Authorizations

Authorization
string
header
required

User JWT access token issued by POST /api/auth/verify or POST /api/auth/social/verify. Routes that accept both auth modes declare api-key and bearer-jwt security schemes.

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Response

Paginated list of API keys.

success
boolean
required
Example:

true

data
object
required

Endpoint-specific payload