List API Keys

curl https://<your-instance>/v1/api-keys/U2026A00001 \
  -H "Cookie: LASID=<session-token>" \
  -H "CTN: <csrf-token>"

{
  "success": true,
  "keys": [
    {
      "keyId": "SK2026A00001",
      "keyPrefix": "trvh_sdk_a1b2c3d",
      "label": "Production Pipeline",
      "scopes": ["sdk:import"],
      "isActive": true,
      "isDeleted": false,
      "expiresAt": "2026-12-31T23:59:59.000Z",
      "lastUsedAt": "2026-03-17T10:30:00.000Z",
      "createdBy": "U2026A00001",
      "createdDate": "2026-03-01T08:00:00.000Z"
    }
  ]
}

GET

api-keys

{userId}

curl https://<your-instance>/v1/api-keys/U2026A00001 \
  -H "Cookie: LASID=<session-token>" \
  -H "CTN: <csrf-token>"

{
  "success": true,
  "keys": [
    {
      "keyId": "SK2026A00001",
      "keyPrefix": "trvh_sdk_a1b2c3d",
      "label": "Production Pipeline",
      "scopes": ["sdk:import"],
      "isActive": true,
      "isDeleted": false,
      "expiresAt": "2026-12-31T23:59:59.000Z",
      "lastUsedAt": "2026-03-17T10:30:00.000Z",
      "createdBy": "U2026A00001",
      "createdDate": "2026-03-01T08:00:00.000Z"
    }
  ]
}

Returns all API keys belonging to a user. Only metadata is returned — the key hash is never exposed.

Browser-authenticated endpoint (session cookie + CSRF).

Path Parameters

userId

string

required

The authenticated user’s ID.

Request Headers

CTN

string

required

CSRF token.

Query Parameters

includeDeleted

string

default:"false"

Set to "true" to include revoked/soft-deleted keys in the response.

Response

success

boolean

Whether the request succeeded.

keys

array

Array of API key metadata objects.

Show key object

keyId

string

Internal key ID (e.g., SK2026A00001).

keyPrefix

string

First 16 characters of the key for identification.

label

string

Human-readable label.

scopes

array

Permissions array (e.g., ["sdk:import"]).

isActive

boolean

Whether the key is currently active.

isDeleted

boolean

Whether the key has been revoked.

expiresAt

string

ISO 8601 expiration date, or null if no expiry.

lastUsedAt

string

Timestamp of last successful authentication, or null.

createdBy

string

User ID who created the key.

createdDate

string

ISO 8601 creation timestamp.

curl https://<your-instance>/v1/api-keys/U2026A00001 \
  -H "Cookie: LASID=<session-token>" \
  -H "CTN: <csrf-token>"

{
  "success": true,
  "keys": [
    {
      "keyId": "SK2026A00001",
      "keyPrefix": "trvh_sdk_a1b2c3d",
      "label": "Production Pipeline",
      "scopes": ["sdk:import"],
      "isActive": true,
      "isDeleted": false,
      "expiresAt": "2026-12-31T23:59:59.000Z",
      "lastUsedAt": "2026-03-17T10:30:00.000Z",
      "createdBy": "U2026A00001",
      "createdDate": "2026-03-01T08:00:00.000Z"
    }
  ]
}

Create API Key Revoke API Key

⌘I

SDK API

API Key Management

Path Parameters

Request Headers

Query Parameters

Response

SDK API

API Key Management

​Path Parameters

​Request Headers

​Query Parameters

​Response

Path Parameters

Request Headers

Query Parameters

Response