> ## Documentation Index > Fetch the complete documentation index at: https://openworklabs.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # List organization API keys > Returns the API keys that belong to the selected organization. ## OpenAPI ````yaml /openapi.json get /v1/api-keys openapi: 3.1.0 info: title: Den API description: >- OpenAPI spec for the Den control plane API. Authentication: - Use `Authorization: Bearer ` for user-authenticated routes that require a Den session. - Use `x-api-key: ` for API-key-authenticated routes that accept organization API keys. - Public routes like health and documentation do not require authentication. Swagger tip: use the security schemes in the Authorize dialog to set either `bearerAuth` or `denApiKey` before trying protected endpoints. version: dev servers: - url: https://api.openworklabs.com security: [] tags: - name: System description: Service health and operational routes. - name: Organizations description: Top-level organization creation and context routes. - name: Invitations description: Invitation preview, acceptance, creation, and cancellation routes. - name: API Keys description: Organization API key management routes. - name: Members description: Organization member management routes. - name: Roles description: Organization custom role management routes. - name: Teams description: Organization team management routes. - name: Templates description: Organization shared template routes. - name: LLM Providers description: Organization LLM provider catalog, configuration, and access routes. - name: Skills description: Organization skill authoring and sharing routes. - name: Skill Hubs description: Organization skill hub management and access routes. - name: Workers description: Worker lifecycle, billing, and runtime routes. - name: Worker Runtime description: Worker runtime inspection and upgrade routes. - name: Worker Activity description: Worker heartbeat and activity reporting routes. - name: Admin description: Administrative reporting routes. - name: Users description: Current user and membership routes. paths: /v1/api-keys: get: tags: - API Keys summary: List organization API keys description: Returns the API keys that belong to the selected organization. operationId: getV1ApiKeys responses: '200': description: Organization API keys content: application/json: schema: $ref: '#/components/schemas/OrganizationApiKeyListResponse' '400': description: Invalid request content: application/json: schema: $ref: '#/components/schemas/InvalidRequestError' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/UnauthorizedError' '403': description: Only workspace owners and admins can list API keys. content: application/json: schema: $ref: '#/components/schemas/OrganizationApiKeyForbiddenError' '404': description: Organization not found content: application/json: schema: $ref: '#/components/schemas/OrganizationNotFoundError' security: - bearerAuth: [] components: schemas: OrganizationApiKeyListResponse: type: object properties: apiKeys: type: array items: $ref: '#/components/schemas/OrganizationApiKey' required: - apiKeys InvalidRequestError: type: object properties: error: type: string const: invalid_request details: type: array items: type: object properties: message: type: string path: type: array items: anyOf: - type: string - type: number required: - message additionalProperties: {} required: - error - details UnauthorizedError: type: object properties: error: type: string const: unauthorized required: - error OrganizationApiKeyForbiddenError: type: object properties: error: type: string const: forbidden message: type: string required: - error - message OrganizationNotFoundError: type: object properties: error: type: string const: organization_not_found required: - error OrganizationApiKey: type: object properties: id: type: string configId: type: string name: anyOf: - type: string - type: 'null' start: anyOf: - type: string - type: 'null' prefix: anyOf: - type: string - type: 'null' enabled: type: boolean rateLimitEnabled: type: boolean rateLimitMax: anyOf: - type: integer minimum: -9007199254740991 maximum: 9007199254740991 - type: 'null' rateLimitTimeWindow: anyOf: - type: integer minimum: -9007199254740991 maximum: 9007199254740991 - type: 'null' lastRequest: anyOf: - type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ - type: 'null' expiresAt: anyOf: - type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ - type: 'null' createdAt: type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ updatedAt: type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ owner: $ref: '#/components/schemas/OrganizationApiKeyOwner' required: - id - configId - name - start - prefix - enabled - rateLimitEnabled - rateLimitMax - rateLimitTimeWindow - lastRequest - expiresAt - createdAt - updatedAt - owner OrganizationApiKeyOwner: type: object properties: userId: description: Den TypeID with 'usr_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^usr_.* memberId: description: Den TypeID with 'om_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 29 maxLength: 29 pattern: ^om_.* name: type: string email: type: string format: email pattern: >- ^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\-]*\.)+[A-Za-z]{2,}$ image: anyOf: - type: string - type: 'null' required: - userId - memberId - name - email - image securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: session-token description: >- Session token passed as `Authorization: Bearer ` for user-authenticated Den routes. ````