List API Keys

List API Keys

curl --request GET \
  --url https://api.zebedee.io/api/v1/rewards/app/{rewardsAppId}/api-keys \
  --header 'Authorization: <authorization>' \
  --header 'z-client: <z-client>'

{
  "success": true,
  "message": "Success.",
  "data": [
    {
      "id": "46e64511-4efd-486c-92b7-b5a4f7e5f9d8",
      "isActive": true,
      "createdAt": "2025-10-30T21:55:34.742Z",
      "revokedAt": null
    }
  ]
}

GET

api

rewards

app

{rewardsAppId}

api-keys

List API Keys

curl --request GET \
  --url https://api.zebedee.io/api/v1/rewards/app/{rewardsAppId}/api-keys \
  --header 'Authorization: <authorization>' \
  --header 'z-client: <z-client>'

{
  "success": true,
  "message": "Success.",
  "data": [
    {
      "id": "46e64511-4efd-486c-92b7-b5a4f7e5f9d8",
      "isActive": true,
      "createdAt": "2025-10-30T21:55:34.742Z",
      "revokedAt": null
    }
  ]
}

Retrieve all API keys for your Rewards App to see which keys are active and when they were created.

Configuration

Header Parameters

z-client

string

required

Client identifier (use “developer-dashboard” )

Authorization

string

required

Bearer token for authenticationFormat: Bearer {JWT_TOKEN}

Path Parameters

rewardsAppId

string

required

Your Rewards App ID

{
  "success": true,
  "message": "Success.",
  "data": [
    {
      "id": "46e64511-4efd-486c-92b7-b5a4f7e5f9d8",
      "isActive": true,
      "createdAt": "2025-10-30T21:55:34.742Z",
      "revokedAt": null
    }
  ]
}

Response Status Codes

Code	Description
`200`	API keys retrieved successfully
`400`	Bad request - invalid UUID
`401`	Unauthorized - authentication required
`403`	Forbidden - developer does not own this app
`404`	Rewards app not found
`500`	Internal server error

{
  "success": false,
  "message": "Invalid UUID"
}

Response Fields

Field	Type	Description
`success`	boolean	Whether the request was successful
`message`	string	Response message
`data`	array	Array of API keys
`id`	string	Unique identifier for the API key
`isActive`	boolean	Whether the API key is currently active
`createdAt`	string	ISO 8601 timestamp of when key was created
`revokedAt`	string \| null	ISO 8601 timestamp of when key was revoked, or null if active

Code Examples

const rewardsAppId = 'YOUR_REWARDS_APP_ID';
const jwtToken = 'YOUR_JWT_TOKEN';

async function listApiKeys(rewardsAppId) {
  const response = await fetch(
    `https://api.zebedee.io/api/v1/rewards/app/${rewardsAppId}/api-keys`,
    {
      method: 'GET',
      headers: {
        'z-client': 'developer-dashboard',
        'Authorization': `Bearer ${jwtToken}`
      }
    }
  );

  const data = await response.json();

  if (data.success) {
    console.log(`Found ${data.data.length} API keys`);
    data.data.forEach(key => {
      console.log(`- Key ID: ${key.id}, Active: ${key.isActive}`);
    });
    return data.data;
  } else {
    throw new Error(`Failed: ${data.message}`);
  }
}

// Get all API keys
const keys = await listApiKeys('b28e0306-2c06-4092-8d56-a1623d6b97fb');

Empty Response. If data is an empty array [], it means no API keys exist for this Rewards App.

Try It Out

Ready to view your API keys? Use our API playground on the right to test with your JWT token.

What’s Next?

After viewing your API keys: Revoke API Key. Remove an API key to prevent it from being used for authentication

Delete Blocklist Entry Revoke API Key

⌘I

Overview

Integrating

Pushing to App Stores

Configuration

Header Parameters

Path Parameters

Response Status Codes

Response Fields

Code Examples

Try It Out

What’s Next?

Overview

Integrating

Pushing to App Stores

​Configuration

​Header Parameters

​Path Parameters

​Response Status Codes

​Response Fields

​Code Examples

​Try It Out

​What’s Next?

Configuration

Header Parameters

Path Parameters

Response Status Codes

Response Fields

Code Examples

Try It Out

What’s Next?