> ## Documentation Index > Fetch the complete documentation index at: https://docs.incident.io/llms.txt > Use this file to discover all available pages before exploring further. # Show > Show details of a specific API key, including its roles, team assignments and when its token was last issued. This endpoint requires a valid API key with the `api_keys_manage` role at either the account level or team level. ## OpenAPI ````yaml /openapi/tags/api-keys-v1.json get /v1/api_keys/{id} openapi: 3.0.3 info: description: "This is the API reference for incident.io.\n\nIt documents available API endpoints, provides examples of how to use it, and\ninstructions around things like authentication and error handling.\n\nThe API is hosted at:\n\n- https://api.incident.io/\n\nAnd you will need to create an API key via your [incident.io\ndashboard](https://app.incident.io/settings/api-keys) to make requests.\n\n# Making requests\n\nHere are the key concepts required to make requests to the incident.io API.\n\n## Authentication\n\nFor all requests made to the incident.io API, you'll need an API key.\n\nTo create an API key, head to the incident dashboard and visit [API\nkeys](https://app.incident.io/settings/api-keys). When you create the key, you'll be able to choose what actions it\ncan take for your account: choose carefully, as those roles can only be set\nwhen you first create the key. We'll only show you the token once, so make sure\nyou store it somewhere safe.\n\nAPI keys are global to your incident.io account, and can be managed by anyone\nwho has the right permissions. We display the user that created the API key,\nand the API key will remain valid if that user becomes deactivated.\n\nOnce you have the key, you should make requests to the API that set the\n`Authorization` request header using a \"Bearer\" authentication scheme:\n\n```\nAuthorization: Bearer \n```\n\n## Rate Limits\n\nThe incident.io API enforces rate limits to ensure consistent performance for all users.\n\nThe default rate limit is 1200 requests/minute per API key. This limit applies to most endpoints across the API.\n\nSome endpoints have lower rate limits, particularly those that interact with external third-party systems that impose\ntheir own limitations. These specific limits vary by endpoint, and we recommend relying on the rate-limit error\nresponses to understand usage patterns and implement appropriate retry strategies.\n\nWhen you exceed a rate limit, the API will respond with a `429 Too Many Requests` status code, along with a JSON\nresponse that includes information about the limit and when you can retry:\n\n```json\n{\n \"type\": \"too_many_requests\",\n \"status\": 429,\n \"request_id\": \"b839a403-7704-41c1-bf6a-39a2d68caefa\",\n \"rate_limit\": {\n \"name\": \"api_key_name\",\n \"limit\": 1200,\n \"remaining\": 0,\n \"retry_after\": \"Thu, 17 Apr 2025 11:17:18 UTC\"\n },\n \"errors\": [\n {\n \"code\": \"too_many_requests\",\n \"message\": \"Too many requests hit the API too quickly. We recommend an exponential backoff of your requests.\"\n }\n ]\n}\n```\n\nThe response includes:\n* The name of the API key (`name`)\n* The bucket limit (`limit`)\n* The number of requests remaining (`remaining`)\n* When you can retry requests (`retry_after`)\n\n## Errors\n\nWe use standard HTTP response codes to indicate the status or failure of API\nrequests.\n\nThe API response body will be JSON, and contain more detailed information on the\nnature of the error.\n\nAn example error when a request is made without an API key:\n\n```json\n{\n \"type\": \"authentication_error\",\n \"status\": 401,\n \"request_id\": \"8e3cc412-b49d-4957-9073-2c19d2c61804\",\n \"errors\": [\n {\n \"code\": \"missing_authorization_material\",\n \"message\": \"No authorization material provided in request\"\n }\n ]\n}\n```\n\nNote that the error:\n\n- Contains the HTTP status (`401`)\n- References the type of error (`authentication_error`)\n- Includes a `request_id` that can be provided to incident.io support to help\n\tdebug questions with your API request\n- Provides a list of individual errors, which go into detail about why the error\n\toccurred\n\nThe most common error will be a 422 Validation Error, which is returned when the\nrequest was rejected due to failing validations.\n\nThese errors look like this:\n\n```json\n{\n \"type\": \"validation_error\",\n \"status\": 422,\n \"request_id\": \"631766c4-4afd-4803-997c-cd700928fa4b\",\n \"errors\": [\n {\n \"code\": \"is_required\",\n \"message\": \"A severity is required to open an incident\",\n \"source\": {\n \"field\": \"severity_id\"\n }\n }\n ]\n}\n```\n\nThis error is caused by not providing a severity identifier, which should be at\nthe `severity_id` field of the request payload. Errors like these can be mapped to\nforms, should you be integrating with the API from a user-interface.\n\n## Compatibility\n\nWe won't make breaking changes to existing API services or endpoints, but will\nexpect integrators to upgrade themselves to the latest API endpoints within 3\nmonths of us deprecating the old service.\n\nWe will make changes that are considered backwards compatible, which include:\n\n- Adding new API endpoints and services\n- Adding new properties to responses from existing API endpoints\n- Reordering properties returned from existing API endpoints\n- Adding optional request parameters to existing API endpoints\n- Altering the format or length of IDs\n- Adding new values to enums\n\nIt is important that clients are robust to these changes, to ensure reliable\nintegrations.\n\nAs an example, if you are generating a client using an openapi-generator, ensure\nthe generated client is configured to support unknown enum values, often\nconfigured via the `enumUnknownDefaultCase` parameter.\n\nWhen breaking changes are unavoidable, we'll create a new service version on a\nseparate path, and run them in parallel.\n\nFor example:\n\n- https://api.incident.io/v1/incidents\n- https://api.incident.io/v2/incidents\n\nFor any questions, email support@incident.io.\n" title: incident.io version: 1.0.0 servers: - url: https://api.incident.io security: - BearerAuth: [] tags: - description: >- Manage API keys for your organization. This API lets you view, create, update, delete, and rotate API keys programmatically, including configuring account-level roles and roles scoped to specific teams. Common use cases include: - **API key rotation**: You can issue a new access token for any API key using the `Rotate` endpoint. - **Managing keys at scale**: use the `Show`, `List`, `Create`, `Update`, and `Delete` endpoints to automate API key lifecycle management. ## Permissions model To use these endpoints, your API key must have the `api_keys_manage` role granted at either the account level or for specific teams. In addition, the following rules apply, when a "caller" API key is managing a "target" API key: - A caller key can only assign roles whose scopes are a subset of its own scopes. For example, a key with `viewer` and `incident_creator` can assign those roles to a target key, but cannot assign the `incident_editor` role, since it has additional scopes. - The same applies at the team level: A caller key with `schedules_editor` at the account level can create a target key with that role for a specific team, but a key with `schedules_editor` only for one team (Team A, say) cannot assign it at the account level or for another team, Team B. - The `api_keys_manage` role cannot be assigned via the API. To create a key with that role, you must go to Settings → API keys in the dashboard, and click "Add new", creating a key with the "View, create, edit, delete or rotate API keys" role (`api_keys_manage`). - The `Delete` endpoint does not check whether the calling API key holds the scopes of the key being deleted. However, a team-scoped key can only delete keys belonging to its teams. - To rotate the token of an API key, use the Rotate endpoint or by clicking "Rotate token" on any API key listed in the dashboard. The same permissions limitations apply as when creating or updating an API key. ## Finding role names and team IDs To find valid values for `role_names`, `team_ids`, and `team_role_names`, go to Settings → API keys in the dashboard. Click to either edit an existing key or create a new one, select the desired roles and teams, and then use the copy button to get hold of the role and team identifiers as JSON. name: API Keys V1 paths: /v1/api_keys/{id}: get: tags: - API Keys V1 summary: Show description: >- Show details of a specific API key, including its roles, team assignments and when its token was last issued. This endpoint requires a valid API key with the `api_keys_manage` role at either the account level or team level. operationId: API Keys V1_Show parameters: - description: Unique identifier of the API key to retrieve example: 01FCNDV6P870EA6S7TK1DSYDG0 in: path name: id required: true schema: description: Unique identifier of the API key to retrieve example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string responses: '200': content: application/json: example: api_key: created_at: '2021-08-17T13:28:57.801578Z' creator: api_key: id: 01FCNDV6P870EA6S7TK1DSYDG0 name: My test API key user: email: lisa@incident.io id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Lisa Karlin Curtis role: viewer slack_user_id: U02AYNF2XJM id: 01FCNDV6P870EA6S7TK1DSYDG0 last_used_at: '2021-08-17T13:28:57.801578Z' name: My test API key roles: - description: >- can view data, like public incidents and organization settings name: viewer team_ids: - abc123 team_roles: - description: >- can view data, like public incidents and organization settings name: schedules_editor token_last_issued_at: '2021-08-17T13:28:57.801578Z' schema: $ref: '#/components/schemas/APIKeysShowResultV1' description: OK response. components: schemas: APIKeysShowResultV1: example: api_key: created_at: '2021-08-17T13:28:57.801578Z' creator: api_key: id: 01FCNDV6P870EA6S7TK1DSYDG0 name: My test API key user: email: lisa@incident.io id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Lisa Karlin Curtis role: viewer slack_user_id: U02AYNF2XJM id: 01FCNDV6P870EA6S7TK1DSYDG0 last_used_at: '2021-08-17T13:28:57.801578Z' name: My test API key roles: - description: can view data, like public incidents and organization settings name: viewer team_ids: - abc123 team_roles: - description: can view data, like public incidents and organization settings name: schedules_editor token_last_issued_at: '2021-08-17T13:28:57.801578Z' properties: api_key: $ref: '#/components/schemas/APIKeyV1' required: - api_key type: object APIKeyV1: properties: created_at: description: When the API key was created example: '2021-08-17T13:28:57.801578Z' format: date-time type: string creator: $ref: '#/components/schemas/ActorV1' id: description: Unique identifier for this API key example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string last_used_at: description: When the key was last used to authenticate a request example: '2021-08-17T13:28:57.801578Z' format: date-time type: string name: description: The name of the API key, for the user's reference example: My test API key type: string roles: description: The account-level roles assigned to this API key example: - description: can view data, like public incidents and organization settings name: viewer items: $ref: '#/components/schemas/APIKeyRoleV1' type: array team_ids: description: IDs of teams that this API key is scoped to example: - abc123 items: example: abc123 type: string type: array team_roles: description: The team-level roles assigned to this API key example: - description: can view data, like public incidents and organization settings name: schedules_editor items: $ref: '#/components/schemas/APIKeyTeamRoleV1' type: array token_last_issued_at: description: >- When the current token for this API was last issued. This is the last time the token was rotated, or when it was initially created. Older tokens may remain valid for up to an hour after they have been rotated, configured when you call the rotate endpoint. example: '2021-08-17T13:28:57.801578Z' format: date-time type: string required: - id - name - roles - team_ids - team_roles - creator - created_at - token_last_issued_at type: object ActorV1: example: api_key: id: 01FCNDV6P870EA6S7TK1DSYDG0 name: My test API key user: email: lisa@incident.io id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Lisa Karlin Curtis role: viewer slack_user_id: U02AYNF2XJM properties: api_key: $ref: '#/components/schemas/APIKeyActorV1' user: $ref: '#/components/schemas/UserV1' type: object APIKeyRoleV1: example: description: can view data, like public incidents and organization settings name: viewer properties: description: description: Human readable description of the role example: can view data, like public incidents and organization settings type: string name: description: API key role name enum: - viewer - incident_creator - incident_editor - manage_settings - global_access - catalog_viewer - catalog_editor - incident_memberships_editor - schedules_editor - schedules_reader - schedule_overrides_editor - workflows_editor - private_workflows_editor - on_call_editor - escalation_creator - post_incident_flow_opt_out - security_settings_editor - investigation_download - team_memberships_manage - status_page_publisher - postmortems_manage - api_keys_manage - notification_methods_manage example: viewer type: string x-public-api-version: v1 required: - name - description type: object APIKeyTeamRoleV1: example: description: can view data, like public incidents and organization settings name: schedules_editor properties: description: description: Human readable description of the role example: can view data, like public incidents and organization settings type: string name: description: API key role name that may be granted for team-scoped access enum: - schedules_editor - schedules_reader - schedule_overrides_editor - on_call_editor - escalation_creator - api_keys_manage example: schedules_editor type: string x-public-api-version: v1 required: - name - description type: object APIKeyActorV1: example: id: 01FCNDV6P870EA6S7TK1DSYDG0 name: My test API key properties: id: description: Unique identifier for this API key example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string name: description: The name of the API key, for the user's reference example: My test API key type: string required: - id - name type: object UserV1: example: email: lisa@incident.io id: 01FCNDV6P870EA6S7TK1DSYDG0 name: Lisa Karlin Curtis role: viewer slack_user_id: U02AYNF2XJM properties: email: description: Email address of the user. example: lisa@incident.io type: string id: description: Unique identifier of the user example: 01FCNDV6P870EA6S7TK1DSYDG0 type: string name: description: Name of the user example: Lisa Karlin Curtis type: string role: description: >- DEPRECATED: Role of the user as of March 9th 2023, this value is no longer updated. enum: - viewer - responder - administrator - owner - unset example: viewer type: string slack_user_id: description: Slack ID of the user example: U02AYNF2XJM type: string required: - role - id - name type: object securitySchemes: BearerAuth: type: http scheme: bearer description: API key from your incident.io dashboard (Settings → API keys) ````