API ReferenceDeveloper
List API keys
Returns masked information about the merchant's API keys. The full key is never returned after creation — only the prefix and suffix are shown for identification.
Authorization
privy AuthorizationBearer <token>
Privy JWT authentication for dashboard and management endpoints. This is used internally by the Bag Dashboard and is not intended for direct API integrations. Use API keys instead.
In: header
Response Body
application/json
application/json
curl -X GET "https://api.justusebag.xyz/api/developer/keys"{
"status": "success",
"data": [
{
"keyType": "live",
"keyPrefix": "bag_live_sk_a1b2",
"keySuffix": "f7a8",
"lastUsedAt": "2026-02-28T14:22:00.000Z",
"createdAt": "2025-11-15T08:30:00.000Z"
},
{
"keyType": "test",
"keyPrefix": "bag_test_sk_c3d4",
"keySuffix": "9b0c",
"lastUsedAt": "2026-03-01T09:00:00.000Z",
"createdAt": "2025-11-15T08:31:00.000Z"
}
]
}{
"status": "error",
"message": "Invalid or revoked API key",
"code": "UNAUTHORIZED",
"hint": "Include a valid API key in the Authorization header: Bearer bag_live_sk_..."
}