Read an API Key
GET/iam/v2/api-keys/:id
Make a request to read an API key.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
API Key.
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
Bad Request
Response Headers
The unique identifier for the API request.
The request lacks valid authentication credentials for this resource.
Response Headers
The unique identifier for the API request.
The unique identifier for the API request.
Basic error="invalid_key", error_description="The API Key is invalid"The access credentials were considered insufficient to grant access
Response Headers
The unique identifier for the API request.
Not Found
Response Headers
The unique identifier for the API request.
Rate Limit Exceeded
Response Headers
The unique identifier for the API request.
The maximum number of requests you're permitted to make per time period.
The number of requests remaining in the current rate limit window.
The relative time in seconds until the current rate-limit window resets.
Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.
The number of seconds to wait until the rate limit window resets. Only sent when the rate limit is reached.
Oops, something went wrong!
Response Headers
The unique identifier for the API request.
OpenAPI definition (YAML)
paths:
/iam/v2/api-keys/{id}:
get:
x-lifecycle-stage: General Availability
x-self-access: true
operationId: getIamV2ApiKey
description: '[](#section/Versioning/API-Lifecycle-Policy)
Make a request to read an API key.'
parameters:
- name: id
in: path
required: true
schema:
type: string
description: The unique identifier for the API key.
tags:
- API Keys (iam/v2)
security:
- cloud-api-key: []
- confluent-sts-access-token: []
responses:
'200':
description: API Key.
content:
application/json:
schema:
allOf:
- type: object
description: '`ApiKey` objects represent access to different parts of Confluent Cloud.
Some types
of API keys represent access to a single cluster/resource such as a Kafka cluster,
Schema Registry cluster or a ksqlDB cluster. Cloud API Keys represent access to resources
within an organization
that are not tied to a specific cluster, such as the Org API, IAM API, Metrics API
or Connect API.
Tableflow API keys and Global API keys are not tied to a specific cluster.
The API allows you to list, create, update and delete your API Keys.
Related guide: [API Keys in Confluent Cloud](https://docs.confluent.io/cloud/current/client-apps/api-keys.html).
## The API Keys Model
<SchemaDefinition schemaRef="#/components/schemas/iam.v2.ApiKey" />
## Quotas and Limits
This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):
| Quota | Description |
| --- | --- |
| `apikeys_per_org` | API Keys in one Confluent Cloud organization |'
properties:
api_version:
type: string
enum:
- iam/v2
description: APIVersion defines the schema version of this representation of a resource.
readOnly: true
kind:
type: string
description: Kind defines the object this REST resource represents.
readOnly: true
enum:
- ApiKey
id:
description: ID is the "natural identifier" for an object within its scope/namespace;
it is normally unique across time but not space. That is, you can assume that
the ID will not be reclaimed and reused after an object is deleted ("time"); however,
it may collide with IDs for other object `kinds` or objects of the same `kind`
within a different scope/namespace ("space").
type: string
maxLength: 255
readOnly: true
example: dlz-f3a90de
metadata:
allOf:
- description: ObjectMeta is metadata that all persisted resources must have, which
includes all objects users must create.
required:
- self
properties:
self:
description: Self is a Uniform Resource Locator (URL) at which an object can
be addressed. This URL encodes the service location, API version, and other
particulars necessary to locate the resource at a point in time
type: string
format: uri
readOnly: true
example: https://api.confluent.cloud/v2/kafka-clusters/lkc-f3a90de
resource_name:
description: Resource Name is a Uniform Resource Identifier (URI) that is
globally unique across space and time. It is represented as a Confluent
Resource Name
type: string
format: uri
readOnly: true
example: crn://confluent.cloud/kafka=lkc-f3a90de
created_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was created. It is represented
in RFC3339 format and is in UTC.
updated_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was last updated. It is
represented in RFC3339 format and is in UTC.
deleted_at:
type: string
format: date-time
example: '2006-01-02T15:04:05-07:00'
readOnly: true
description: The date and time at which this object was (or will be) deleted.
It is represented in RFC3339 format and is in UTC.
readOnly: true
title: ObjectMeta
- properties:
self:
example: https://api.confluent.cloud/iam/v2/api-keys/ak-12345
resource_name:
example: crn://confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/api-key=ak-12345
spec:
type: object
description: The desired state of the Api Key
properties:
secret:
type: string
example: R15hoiDIq8Nxu/lY4mPO3DwAVIfU5W7OI+efsB607mLgHTnVW5XJGVqX2ysDx987
description: The API key secret. Only provided in `create` responses, not in
`get` or `list`.
x-redact: true
x-immutable: true
readOnly: true
display_name:
type: string
example: CI kafka access key
description: A human readable name for the API key
description:
type: string
example: This API key provides kafka access to cluster x
description: A human readable description for the API key
expires_at:
type: string
format: date-time
example: '2026-01-01T00:00:00Z'
description: The date and time at which this API key will expire. It is represented
in RFC3339 format and is in UTC.
readOnly: true
x-immutable: true
owner:
allOf:
- type: object
description: ObjectReference provides information for you to locate the referred
object
required:
- id
- related
- resource_name
properties:
id:
type: string
description: ID of the referred resource
minLength: 1
maxLength: 255
related:
type: string
format: uri
description: API URL for accessing or modifying the referred object
minLength: 1
readOnly: true
resource_name:
type: string
format: uri
description: CRN reference to the referred resource
minLength: 1
readOnly: true
api_version:
type: string
description: API group and version of the referred resource
minLength: 1
readOnly: true
kind:
type: string
description: Kind of the referred resource
minLength: 1
readOnly: true
title: TypedGlobalObjectReference
description: The owner to which this belongs. The owner can be one of iam.v2.User,
iam.v2.ServiceAccount.
x-immutable: true
resource:
allOf:
- type: object
description: ObjectReference provides information for you to locate the referred
object
required:
- id
- related
- resource_name
properties:
id:
type: string
description: ID of the referred resource
minLength: 1
maxLength: 255
environment:
type: string
description: Environment of the referred resource, if env-scoped
minLength: 1
maxLength: 255
related:
type: string
format: uri
description: API URL for accessing or modifying the referred object
minLength: 1
readOnly: true
resource_name:
type: string
format: uri
description: CRN reference to the referred resource
minLength: 1
readOnly: true
api_version:
type: string
description: API group and version of the referred resource
minLength: 1
readOnly: true
kind:
type: string
description: Kind of the referred resource
minLength: 1
readOnly: true
title: TypedEnvScopedObjectReference
nullable: true
description: 'The resource associated with this object. The resource can be
one of Kafka Cluster ID (example: lkc-12345),
Schema Registry Cluster ID (example: lsrc-12345), ksqlDB Cluster ID (example:
lksqlc-12345), or Flink
(Environment + Region pair, example: env-abc123.aws.us-east-2).
May be null or omitted if not associated with a resource. For creating Cloud
API key, resource id should be `CLOUD`,
for creating Tableflow API key, resource id should be `TABLEFLOW`, for creating
Global API key, resource id should be `GLOBAL`.
The resource id is case-insensitive.
[Learn more in Authentication](https://docs.confluent.io/cloud/current/api.html#section/Authentication).
Note - Flink is in the [Preview lifecycle stage](https://docs.confluent.io/cloud/current/api.html#section/Versioning/API-Lifecycle-Policy)
'
x-immutable: true
x-enable-id: true
x-enable-listmeta: true
x-enable-objectmeta: true
title: iam.v2.ApiKeySpec
title: iam.v2.ApiKey
- type: object
required:
- api_version
- kind
- id
- spec
properties:
spec:
type: object
required:
- owner
- type: object
properties:
spec:
type: object
properties:
owner:
example:
id: u-a83k9b
related: https://api.confluent.cloud/iam/v2/users/u-a83k9b
resource_name: https://api.confluent.cloud/user=u-a83k9b
resource:
nullable: true
example:
id: lkc-c29js0
related: https://api.confluent.cloud/cmk/v2/clusters/lkc-c29js0
resource_name: https://api.confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/environment=env-abc123/cloud-cluster=lkc-c29js0
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
'400':
description: Bad Request
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '400'
code: invalid_filter
title: Invalid Filter
detail: The 'delorean' resource can't be filtered by 'num_doors'
source:
parameter: num_doors
'401':
x-summary: Unauthorized
description: The request lacks valid authentication credentials for this resource.
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
WWW-Authenticate:
schema:
type: string
description: The unique identifier for the API request.
example: Basic error="invalid_key", error_description="The API Key is invalid"
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '401'
code: user_unauthenticated
title: Authentication Required
detail: Valid authentication credentials must be provided
'403':
x-summary: Forbidden
description: The access credentials were considered insufficient to grant access
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '403'
code: user_unauthorized
title: User Access Unauthorized
detail: The user 'mcfly' is not allowed to access the 'delorean' resource without the
'plutonium' role.
'404':
description: Not Found
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '404'
title: Not Found
'429':
description: Rate Limit Exceeded
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
X-RateLimit-Limit:
schema:
type: integer
description: The maximum number of requests you're permitted to make per time period.
X-RateLimit-Remaining:
schema:
type: integer
description: The number of requests remaining in the current rate limit window.
X-RateLimit-Reset:
schema:
type: integer
description: "The relative time in seconds until the current rate-limit window resets. \
\ \n \n**Important:** This differs from Github and Twitter's same-named header which\
\ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
\ issues."
Retry-After:
schema:
type: integer
description: The number of seconds to wait until the rate limit window resets. Only sent
when the rate limit is reached.
'500':
description: Oops, something went wrong!
headers:
X-Request-Id:
schema:
type: string
description: The unique identifier for the API request.
content:
application/json:
schema:
type: object
description: Provides information about problems encountered while performing an operation.
required:
- errors
properties:
errors:
description: List of errors which caused this operation to fail
type: array
items:
type: object
description: Describes a particular error encountered while performing an operation.
properties:
id:
description: A unique identifier for this particular occurrence of the problem.
type: string
maxLength: 255
status:
description: The HTTP status code applicable to this problem, expressed as a
string value.
type: string
code:
description: An application-specific error code, expressed as a string value.
type: string
title:
description: A short, human-readable summary of the problem. It **SHOULD NOT**
change from occurrence to occurrence of the problem, except for purposes of
localization.
type: string
detail:
description: A human-readable explanation specific to this occurrence of the
problem.
type: string
source:
type: object
description: If this error was caused by a particular part of the API request,
the source will point to the query string parameter or request body property
that caused it.
properties:
pointer:
description: A JSON Pointer [RFC6901] to the associated entity in the request
document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
field].
type: string
parameter:
description: A string indicating which query parameter caused the error.
type: string
error_code:
type: integer
format: int32
message:
type: string
nullable: true
additionalProperties: false
title: Error
uniqueItems: true
title: Failure
example:
errors:
- id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
status: '500'
code: out_of_gas
title: DeLorean Out Of Gas
detail: The DeLorean has run out of gas, but Doc Brown will fill 'er up for you asap
servers:
- url: https://api.confluent.cloud
description: Confluent Cloud API