Documentation Index

Fetch the complete documentation index at: https://docs.supermetrics.com/llms.txt

Use this file to discover all available pages before exploring further.

List API keys

  • Updated on Jun 23, 2026
  • Published on Sep 2, 2025
Prev Next
Get
/api_keys

Retrieve a list of all API keys

Security
HTTP
Type bearer

Bearer token authentication. Include the token in the Authorization header: Authorization: Bearer <your-token>

Responses
200

List of API keys retrieved successfully

Headers
Content-Type
string
HTTP response content type
Valid values[ "application/json" ]
Max length255
Exampleapplication/json
X-RateLimit-Limit
integer
Request limit per hour
Minimum1
Maximum10000
Example5000
X-RateLimit-Remaining
integer
Remaining requests in current window
Minimum0
Maximum10000
Example4999
Access-Control-Allow-Origin
string
CORS header
Valid values[ "*" ]
Max length255
Example*
Expand All
object
meta
object (Meta)

Metadata included in every API response.

request_id
string

Unique identifier for the request, for tracking and debugging.

Min length8
Max length64
Pattern^[A-Za-z0-9_-]+$
ExampleBXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN
data
Array of object (ApiKey)
Max items1000
object
@type
string
Valid values[ "api_key" ]
api_key_id
string

Supermetrics API key ID

Max length50
Pattern^[A-Za-z0-9_-]+$
created_time
string (date-time)

ISO 8601 datetime for when API key was created

Max length50
description
string

Internal API key description

Max length1000
key_type
string

Type of API key

Max length50
key_start
string

First 10 characters from the API key value

Max length50
Pattern^[A-Za-z0-9_-]+$
key_value
string

API key value as plain text, when requested. Defaults to null.

Max length255
Pattern^[A-Za-z0-9_-]+$
scope_names
Array of string

List of permission scopes for the API key

Max items100
string
Max length100
allow_ips
Array of string

List of fixed or CIDR formatted IP addresses allowed to use API key

Max items100
string
Max length255
Pattern^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\/([0-9]|[1-2][0-9]|3[0-2]))?$
is_enabled
boolean

Whether API key is enabled and can be used in requests

behalf_of_user_info
object (User)
@type
string
Valid values[ "user" ]
user_id
string

Supermetrics user ID

Max length50
Pattern^[A-Za-z0-9_-]+$
email
string (email)

Supermetrics user email

Max length255
401

Unauthorized

Headers
WWW-Authenticate
string
Bearer token required
Max length255
Pattern^Bearer.*
X-RateLimit-Limit
integer
Request limit per hour
Minimum1
Maximum10000
Example5000
X-RateLimit-Remaining
integer
Remaining requests in current window
Minimum0
Maximum10000
Example4999
Access-Control-Allow-Origin
string
CORS header
Valid values[ "*" ]
Max length255
Example*
{
  "meta": {
    "request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
  },
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Authentication is required."
  }
}
Expand All
object

Standard envelope returned by all error (4xx/5xx) responses.

meta
object (Meta)

Metadata included in every API response.

request_id
string

Unique identifier for the request, for tracking and debugging.

Min length8
Max length64
Pattern^[A-Za-z0-9_-]+$
ExampleBXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN
error
object (Error)

Machine- and human-readable detail for a failed request.

code
string

Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.

Max length100
Pattern^[A-Z][A-Z0-9_]*$
ExampleBAD_REQUEST
message
string

Short, human-readable summary of the error.

Max length255
Pattern^.+$
ExampleThe request was invalid.
description
string

Optional longer explanation specific to this occurrence.

Max length2048
ExampleThe field 'display_name' must not be empty.
422

Unprocessable Entity - validation failed for the request parameters

Headers
X-RateLimit-Limit
integer
Request limit per hour
Minimum1
Maximum10000
Example5000
X-RateLimit-Remaining
integer
Remaining requests in current window
Minimum0
Maximum10000
Example4999
Access-Control-Allow-Origin
string
CORS header
Valid values[ "*" ]
Max length255
Example*
{
  "meta": {
    "request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
  },
  "error": {
    "code": "UNPROCESSABLE_ENTITY",
    "message": "Validation failed for the request parameters."
  }
}
Expand All
object

Standard envelope returned by all error (4xx/5xx) responses.

meta
object (Meta)

Metadata included in every API response.

request_id
string

Unique identifier for the request, for tracking and debugging.

Min length8
Max length64
Pattern^[A-Za-z0-9_-]+$
ExampleBXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN
error
object (Error)

Machine- and human-readable detail for a failed request.

code
string

Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.

Max length100
Pattern^[A-Z][A-Z0-9_]*$
ExampleBAD_REQUEST
message
string

Short, human-readable summary of the error.

Max length255
Pattern^.+$
ExampleThe request was invalid.
description
string

Optional longer explanation specific to this occurrence.

Max length2048
ExampleThe field 'display_name' must not be empty.
429

Too Many Requests

Headers
X-RateLimit-Limit
integer
Request limit per hour
Minimum1
Maximum10000
Example5000
X-RateLimit-Remaining
integer
Remaining requests in current window
Minimum0
Maximum10000
Example4999
Retry-After
integer
Seconds until rate limit resets
Minimum1
Maximum86400
Example3600
Access-Control-Allow-Origin
string
CORS header
Valid values[ "*" ]
Max length255
Example*
{
  "meta": {
    "request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
  },
  "error": {
    "code": "TOO_MANY_REQUESTS",
    "message": "Rate limit exceeded. Retry later."
  }
}
Expand All
object

Standard envelope returned by all error (4xx/5xx) responses.

meta
object (Meta)

Metadata included in every API response.

request_id
string

Unique identifier for the request, for tracking and debugging.

Min length8
Max length64
Pattern^[A-Za-z0-9_-]+$
ExampleBXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN
error
object (Error)

Machine- and human-readable detail for a failed request.

code
string

Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.

Max length100
Pattern^[A-Z][A-Z0-9_]*$
ExampleBAD_REQUEST
message
string

Short, human-readable summary of the error.

Max length255
Pattern^.+$
ExampleThe request was invalid.
description
string

Optional longer explanation specific to this occurrence.

Max length2048
ExampleThe field 'display_name' must not be empty.
500

Internal server error

Headers
Access-Control-Allow-Origin
string
CORS header
Valid values[ "*" ]
Max length255
Example*
{
  "meta": {
    "request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
  },
  "error": {
    "code": "INTERNAL_SERVER_ERROR",
    "message": "An unexpected error occurred."
  }
}
Expand All
object

Standard envelope returned by all error (4xx/5xx) responses.

meta
object (Meta)

Metadata included in every API response.

request_id
string

Unique identifier for the request, for tracking and debugging.

Min length8
Max length64
Pattern^[A-Za-z0-9_-]+$
ExampleBXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN
error
object (Error)

Machine- and human-readable detail for a failed request.

code
string

Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.

Max length100
Pattern^[A-Z][A-Z0-9_]*$
ExampleBAD_REQUEST
message
string

Short, human-readable summary of the error.

Max length255
Pattern^.+$
ExampleThe request was invalid.
description
string

Optional longer explanation specific to this occurrence.

Max length2048
ExampleThe field 'display_name' must not be empty.

© Supermetrics 2025