API keys
API keys are created in your dashboard and are only shown once. The API never returns key secrets — these endpoints are metadata-only.
The API key model
API keys are scoped. Create a separate key per integration and only grant what it needs.
Properties
-
- Name
id- Type
- integer
- Description
- Unique identifier for the API key (metadata record).
-
- Name
name- Type
- string
- Description
- Human label you set in Settings → Integrations.
-
- Name
scopes- Type
- string[]
- Description
- Granted scopes for this key (least-privilege).
-
- Name
created_at- Type
- timestamp
- Description
- Timestamp of when the key was created.
-
- Name
last_used_at- Type
- timestamp | null
- Description
- Timestamp of the last API request using this key.
-
- Name
revoked_at- Type
- timestamp | null
- Description
- Timestamp of when the key was revoked (if revoked).
GET/v1/api-keys/
List API keys
This endpoint returns API key metadata only. For security reasons, key secrets are never returned by the API.
Required scope
read:api_keys
Request
GET
/v1/api-keys/curl -G https://api.twentybaan.com/v1/api-keys/ \
-H "Accept: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d limit=10Response
{
"ok": true,
"items": [
{
"id": 123,
"name": "CRM sync key",
"scopes": ["read:me", "read:listings", "read:contact_messages"],
"created_at": "2026-01-12T08:00:00Z",
"last_used_at": "2026-01-12T09:10:00Z",
"revoked_at": null
}
],
"next_before_id": null
}GET/v1/api-keys/?id=:id
Retrieve an API key
Fetch a single API key metadata record by id.
Required scope
read:api_keys
Request
GET
/v1/api-keys/?id=123curl -G https://api.twentybaan.com/v1/api-keys/ \
-H "Accept: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d id=123Response
{
"ok": true,
"api_key": {
"id": 123,
"name": "CRM sync key",
"scopes": ["read:me", "read:listings", "read:contact_messages"],
"created_at": "2026-01-12T08:00:00Z",
"last_used_at": "2026-01-12T09:10:00Z",
"revoked_at": null
}
}