Skip to main content

List of API Keys

GET 

/iam/v2/api-keys

General Availability

Retrieve a sorted, filtered, paginated list of all API keys.

This can show all keys for a single owner (across resources - Kafka clusters), or all keys for a single resource (across owners). If no owner or resource filters are specified, returns all API Keys in the organization. You will only see the keys that are accessible to the account making the API request.

Request

Responses

API Key.

Response Headers
    X-Request-Id

    The unique identifier for the API request.

    X-RateLimit-Limit

    The maximum number of requests you're permitted to make per time period.

    X-RateLimit-Remaining

    The number of requests remaining in the current rate limit window.

    X-RateLimit-Reset

    The relative time in seconds until the current rate-limit window resets.

    Important: This differs from Github and Twitter's same-named header which uses UTC epoch seconds. We use relative time to avoid client/server time synchronization issues.

OpenAPI definition (YAML)
paths:
  /iam/v2/api-keys:
    get:
      x-lifecycle-stage: General Availability
      x-self-access: true
      operationId: listIamV2ApiKeys
      description: '[![General Availability](https://img.shields.io/badge/Lifecycle%20Stage-General%20Availability-%2345c6e8)](#section/Versioning/API-Lifecycle-Policy)


        Retrieve a sorted, filtered, paginated list of all API keys.


        This can show all keys for a single owner (across resources - Kafka clusters), or all keys for
        a single

        resource (across owners). If no `owner` or `resource` filters are specified, returns all API Keys
        in the

        organization. You will only see the keys that are accessible to the account making the API request.

        '
      parameters:
      - name: spec.owner
        in: query
        required: false
        schema:
          description: Filter a collection by a string search
          type: string
          title: SearchFilter
        description: Filter the results by exact match for spec.owner.
      - name: spec.resource
        in: query
        required: false
        schema:
          description: Filter a collection by a string search
          type: string
          title: SearchFilter
        description: Filter the results by exact match for spec.resource.
      - name: page_size
        in: query
        required: false
        schema:
          type: integer
          default: 10
          maximum: 100
          x-max-page-items: 500
        description: A pagination size for collection requests.
      - name: page_token
        in: query
        required: false
        schema:
          type: string
          maxLength: 255
        description: An opaque pagination token for collection requests.
      tags:
      - API Keys (iam/v2)
      security:
      - cloud-api-key: []
      - confluent-sts-access-token: []
      responses:
        '200':
          description: API Key.
          content:
            application/json:
              schema:
                allOf:
                - type: object
                  description: '`ApiKey` objects represent access to different parts of Confluent Cloud.
                    Some types

                    of API keys represent access to a single cluster/resource such as a Kafka cluster,

                    Schema Registry cluster or a ksqlDB cluster. Cloud API Keys represent access to resources
                    within an organization

                    that are not tied to a specific cluster, such as the Org API, IAM API, Metrics API
                    or Connect API.

                    Tableflow API keys and Global API keys are not tied to a specific cluster.


                    The API allows you to list, create, update and delete your API Keys.



                    Related guide: [API Keys in Confluent Cloud](https://docs.confluent.io/cloud/current/client-apps/api-keys.html).


                    ## The API Keys Model

                    <SchemaDefinition schemaRef="#/components/schemas/iam.v2.ApiKey" />


                    ## Quotas and Limits

                    This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):


                    | Quota | Description |

                    | --- | --- |

                    | `apikeys_per_org` | API Keys in one Confluent Cloud organization |'
                  required:
                  - api_version
                  - kind
                  - metadata
                  - data
                  properties:
                    api_version:
                      type: string
                      enum:
                      - iam/v2
                      description: APIVersion defines the schema version of this representation of a resource.
                      readOnly: true
                    kind:
                      type: string
                      description: Kind defines the object this REST resource represents.
                      readOnly: true
                      enum:
                      - ApiKeyList
                    metadata:
                      allOf:
                      - type: object
                        description: ListMeta describes metadata that resource collections may have
                        properties:
                          first:
                            description: A link to the first page of results. If a response does not contain
                              a first link, then direct navigation to the first page is not supported.
                            type: string
                            format: uri
                            nullable: true
                            example: https://api.confluent.cloud/v2/resourcekinds
                          last:
                            description: A link to the last page of results. If a response does not contain
                              a last link, then direct navigation to the last page is not supported.
                            type: string
                            format: uri
                            nullable: true
                            example: https://api.confluent.cloud/v2/resourcekinds?page_token=bcAOehAY8F16YD84Z1wT
                          prev:
                            description: A link to the previous page of results. If a response does not
                              contain a prev link, then either there is no previous data or backwards
                              traversal through the result set is not supported.
                            type: string
                            format: uri
                            nullable: true
                            example: https://api.confluent.cloud/v2/resourcekinds?page_token=YIXRY97wWYmwzrax4dld
                          next:
                            description: A link to the next page of results. If a response does not contain
                              a next link, then there is no more data available.
                            type: string
                            format: uri
                            nullable: true
                            example: https://api.confluent.cloud/v2/resourcekinds?page_token=UvmDWOB1iwfAIBPj6EYb
                          total_size:
                            description: Number of records in the full result set. This response may be
                              paginated and have a smaller number of records.
                            type: integer
                            format: int32
                            minimum: 0
                            example: 123
                        title: ListMeta
                      - properties:
                          first:
                            example: https://api.confluent.cloud/iam/v2/api-keys
                          last:
                            example: https://api.confluent.cloud/iam/v2/api-keys?page_token=bcAOehAY8F16YD84Z1wT
                          prev:
                            example: https://api.confluent.cloud/iam/v2/api-keys?page_token=YIXRY97wWYmwzrax4dld
                          next:
                            example: https://api.confluent.cloud/iam/v2/api-keys?page_token=UvmDWOB1iwfAIBPj6EYb
                    data:
                      type: array
                      description: A data property that contains an array of resource items. Each entry
                        in the array is a separate resource.
                      items:
                        allOf:
                        - type: object
                          description: '`ApiKey` objects represent access to different parts of Confluent
                            Cloud. Some types

                            of API keys represent access to a single cluster/resource such as a Kafka
                            cluster,

                            Schema Registry cluster or a ksqlDB cluster. Cloud API Keys represent access
                            to resources within an organization

                            that are not tied to a specific cluster, such as the Org API, IAM API, Metrics
                            API or Connect API.

                            Tableflow API keys and Global API keys are not tied to a specific cluster.


                            The API allows you to list, create, update and delete your API Keys.



                            Related guide: [API Keys in Confluent Cloud](https://docs.confluent.io/cloud/current/client-apps/api-keys.html).


                            ## The API Keys Model

                            <SchemaDefinition schemaRef="#/components/schemas/iam.v2.ApiKey" />


                            ## Quotas and Limits

                            This resource is subject to the [following quotas](https://docs.confluent.io/cloud/current/quotas/overview.html):


                            | Quota | Description |

                            | --- | --- |

                            | `apikeys_per_org` | API Keys in one Confluent Cloud organization |'
                          properties:
                            api_version:
                              type: string
                              enum:
                              - iam/v2
                              description: APIVersion defines the schema version of this representation
                                of a resource.
                              readOnly: true
                            kind:
                              type: string
                              description: Kind defines the object this REST resource represents.
                              readOnly: true
                              enum:
                              - ApiKey
                            id:
                              description: ID is the "natural identifier" for an object within its scope/namespace;
                                it is normally unique across time but not space. That is, you can assume
                                that the ID will not be reclaimed and reused after an object is deleted
                                ("time"); however, it may collide with IDs for other object `kinds` or
                                objects of the same `kind` within a different scope/namespace ("space").
                              type: string
                              maxLength: 255
                              readOnly: true
                              example: dlz-f3a90de
                            metadata:
                              allOf:
                              - description: ObjectMeta is metadata that all persisted resources must
                                  have, which includes all objects users must create.
                                required:
                                - self
                                properties:
                                  self:
                                    description: Self is a Uniform Resource Locator (URL) at which an
                                      object can be addressed. This URL encodes the service location,
                                      API version, and other particulars necessary to locate the resource
                                      at a point in time
                                    type: string
                                    format: uri
                                    readOnly: true
                                    example: https://api.confluent.cloud/v2/kafka-clusters/lkc-f3a90de
                                  resource_name:
                                    description: Resource Name is a Uniform Resource Identifier (URI)
                                      that is globally unique across space and time. It is represented
                                      as a Confluent Resource Name
                                    type: string
                                    format: uri
                                    readOnly: true
                                    example: crn://confluent.cloud/kafka=lkc-f3a90de
                                  created_at:
                                    type: string
                                    format: date-time
                                    example: '2006-01-02T15:04:05-07:00'
                                    readOnly: true
                                    description: The date and time at which this object was created. It
                                      is represented in RFC3339 format and is in UTC.
                                  updated_at:
                                    type: string
                                    format: date-time
                                    example: '2006-01-02T15:04:05-07:00'
                                    readOnly: true
                                    description: The date and time at which this object was last updated.
                                      It is represented in RFC3339 format and is in UTC.
                                  deleted_at:
                                    type: string
                                    format: date-time
                                    example: '2006-01-02T15:04:05-07:00'
                                    readOnly: true
                                    description: The date and time at which this object was (or will be)
                                      deleted. It is represented in RFC3339 format and is in UTC.
                                readOnly: true
                                title: ObjectMeta
                              - properties:
                                  self:
                                    example: https://api.confluent.cloud/iam/v2/api-keys/ak-12345
                                  resource_name:
                                    example: crn://confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/api-key=ak-12345
                            spec:
                              type: object
                              description: The desired state of the Api Key
                              properties:
                                secret:
                                  type: string
                                  example: R15hoiDIq8Nxu/lY4mPO3DwAVIfU5W7OI+efsB607mLgHTnVW5XJGVqX2ysDx987
                                  description: The API key secret. Only provided in `create` responses,
                                    not in `get` or `list`.
                                  x-redact: true
                                  x-immutable: true
                                  readOnly: true
                                display_name:
                                  type: string
                                  example: CI kafka access key
                                  description: A human readable name for the API key
                                description:
                                  type: string
                                  example: This API key provides kafka access to cluster x
                                  description: A human readable description for the API key
                                expires_at:
                                  type: string
                                  format: date-time
                                  example: '2026-01-01T00:00:00Z'
                                  description: The date and time at which this API key will expire. It
                                    is represented in RFC3339 format and is in UTC.
                                  readOnly: true
                                  x-immutable: true
                                owner:
                                  allOf:
                                  - type: object
                                    description: ObjectReference provides information for you to locate
                                      the referred object
                                    required:
                                    - id
                                    - related
                                    - resource_name
                                    properties:
                                      id:
                                        type: string
                                        description: ID of the referred resource
                                        minLength: 1
                                        maxLength: 255
                                      related:
                                        type: string
                                        format: uri
                                        description: API URL for accessing or modifying the referred object
                                        minLength: 1
                                        readOnly: true
                                      resource_name:
                                        type: string
                                        format: uri
                                        description: CRN reference to the referred resource
                                        minLength: 1
                                        readOnly: true
                                      api_version:
                                        type: string
                                        description: API group and version of the referred resource
                                        minLength: 1
                                        readOnly: true
                                      kind:
                                        type: string
                                        description: Kind of the referred resource
                                        minLength: 1
                                        readOnly: true
                                    title: TypedGlobalObjectReference
                                  description: The owner to which this belongs. The owner can be one of
                                    iam.v2.User, iam.v2.ServiceAccount.
                                  x-immutable: true
                                resource:
                                  allOf:
                                  - type: object
                                    description: ObjectReference provides information for you to locate
                                      the referred object
                                    required:
                                    - id
                                    - related
                                    - resource_name
                                    properties:
                                      id:
                                        type: string
                                        description: ID of the referred resource
                                        minLength: 1
                                        maxLength: 255
                                      environment:
                                        type: string
                                        description: Environment of the referred resource, if env-scoped
                                        minLength: 1
                                        maxLength: 255
                                      related:
                                        type: string
                                        format: uri
                                        description: API URL for accessing or modifying the referred object
                                        minLength: 1
                                        readOnly: true
                                      resource_name:
                                        type: string
                                        format: uri
                                        description: CRN reference to the referred resource
                                        minLength: 1
                                        readOnly: true
                                      api_version:
                                        type: string
                                        description: API group and version of the referred resource
                                        minLength: 1
                                        readOnly: true
                                      kind:
                                        type: string
                                        description: Kind of the referred resource
                                        minLength: 1
                                        readOnly: true
                                    title: TypedEnvScopedObjectReference
                                  nullable: true
                                  description: 'The resource associated with this object. The resource
                                    can be one of Kafka Cluster ID (example: lkc-12345),

                                    Schema Registry Cluster ID (example: lsrc-12345), ksqlDB Cluster ID
                                    (example: lksqlc-12345), or Flink

                                    (Environment + Region pair, example: env-abc123.aws.us-east-2).

                                    May be null or omitted if not associated with a resource. For creating
                                    Cloud API key, resource id should be `CLOUD`,

                                    for creating Tableflow API key, resource id should be `TABLEFLOW`,
                                    for creating Global API key, resource id should be `GLOBAL`.

                                    The resource id is case-insensitive.

                                    [Learn more in Authentication](https://docs.confluent.io/cloud/current/api.html#section/Authentication).


                                    Note - Flink is in the [Preview lifecycle stage](https://docs.confluent.io/cloud/current/api.html#section/Versioning/API-Lifecycle-Policy)

                                    '
                                  x-immutable: true
                              x-enable-id: true
                              x-enable-listmeta: true
                              x-enable-objectmeta: true
                              title: iam.v2.ApiKeySpec
                          title: iam.v2.ApiKey
                        - type: object
                          required:
                          - id
                          - metadata
                          - spec
                          properties:
                            spec:
                              type: object
                              required:
                              - owner
                      uniqueItems: true
                  title: iam.v2.ApiKeyList
                - type: object
                  properties:
                    data:
                      type: array
                      items:
                        properties:
                          spec:
                            type: object
                            properties:
                              owner:
                                example:
                                  id: u-a83k9b
                                  related: https://api.confluent.cloud/iam/v2/users/u-a83k9b
                                  resource_name: https://api.confluent.cloud/user=u-a83k9b
                              resource:
                                nullable: true
                                example:
                                  id: lkc-c29js0
                                  related: https://api.confluent.cloud/cmk/v2/clusters/lkc-c29js0
                                  resource_name: https://api.confluent.cloud/organization=9bb441c4-edef-46ac-8a41-c49e44a3fd9a/environment=env-abc123/cloud-cluster=lkc-c29js0
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
            X-RateLimit-Limit:
              schema:
                type: integer
              description: The maximum number of requests you're permitted to make per time period.
            X-RateLimit-Remaining:
              schema:
                type: integer
              description: The number of requests remaining in the current rate limit window.
            X-RateLimit-Reset:
              schema:
                type: integer
              description: "The relative time in seconds until the current rate-limit window resets. \
                \ \n  \n**Important:** This differs from Github and Twitter's same-named header which\
                \ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
                \ issues."
        '400':
          description: Bad Request
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
          content:
            application/json:
              schema:
                type: object
                description: Provides information about problems encountered while performing an operation.
                required:
                - errors
                properties:
                  errors:
                    description: List of errors which caused this operation to fail
                    type: array
                    items:
                      type: object
                      description: Describes a particular error encountered while performing an operation.
                      properties:
                        id:
                          description: A unique identifier for this particular occurrence of the problem.
                          type: string
                          maxLength: 255
                        status:
                          description: The HTTP status code applicable to this problem, expressed as a
                            string value.
                          type: string
                        code:
                          description: An application-specific error code, expressed as a string value.
                          type: string
                        title:
                          description: A short, human-readable summary of the problem. It **SHOULD NOT**
                            change from occurrence to occurrence of the problem, except for purposes of
                            localization.
                          type: string
                        detail:
                          description: A human-readable explanation specific to this occurrence of the
                            problem.
                          type: string
                        source:
                          type: object
                          description: If this error was caused by a particular part of the API request,
                            the source will point to the query string parameter or request body property
                            that caused it.
                          properties:
                            pointer:
                              description: A JSON Pointer [RFC6901] to the associated entity in the request
                                document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
                                field].
                              type: string
                            parameter:
                              description: A string indicating which query parameter caused the error.
                              type: string
                        error_code:
                          type: integer
                          format: int32
                        message:
                          type: string
                          nullable: true
                      additionalProperties: false
                      title: Error
                    uniqueItems: true
                title: Failure
              example:
                errors:
                - id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
                  status: '400'
                  code: invalid_filter
                  title: Invalid Filter
                  detail: The 'delorean' resource can't be filtered by 'num_doors'
                  source:
                    parameter: num_doors
        '401':
          x-summary: Unauthorized
          description: The request lacks valid authentication credentials for this resource.
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
            WWW-Authenticate:
              schema:
                type: string
              description: The unique identifier for the API request.
              example: Basic error="invalid_key", error_description="The API Key is invalid"
          content:
            application/json:
              schema:
                type: object
                description: Provides information about problems encountered while performing an operation.
                required:
                - errors
                properties:
                  errors:
                    description: List of errors which caused this operation to fail
                    type: array
                    items:
                      type: object
                      description: Describes a particular error encountered while performing an operation.
                      properties:
                        id:
                          description: A unique identifier for this particular occurrence of the problem.
                          type: string
                          maxLength: 255
                        status:
                          description: The HTTP status code applicable to this problem, expressed as a
                            string value.
                          type: string
                        code:
                          description: An application-specific error code, expressed as a string value.
                          type: string
                        title:
                          description: A short, human-readable summary of the problem. It **SHOULD NOT**
                            change from occurrence to occurrence of the problem, except for purposes of
                            localization.
                          type: string
                        detail:
                          description: A human-readable explanation specific to this occurrence of the
                            problem.
                          type: string
                        source:
                          type: object
                          description: If this error was caused by a particular part of the API request,
                            the source will point to the query string parameter or request body property
                            that caused it.
                          properties:
                            pointer:
                              description: A JSON Pointer [RFC6901] to the associated entity in the request
                                document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
                                field].
                              type: string
                            parameter:
                              description: A string indicating which query parameter caused the error.
                              type: string
                        error_code:
                          type: integer
                          format: int32
                        message:
                          type: string
                          nullable: true
                      additionalProperties: false
                      title: Error
                    uniqueItems: true
                title: Failure
              example:
                errors:
                - id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
                  status: '401'
                  code: user_unauthenticated
                  title: Authentication Required
                  detail: Valid authentication credentials must be provided
        '403':
          x-summary: Forbidden
          description: The access credentials were considered insufficient to grant access
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
          content:
            application/json:
              schema:
                type: object
                description: Provides information about problems encountered while performing an operation.
                required:
                - errors
                properties:
                  errors:
                    description: List of errors which caused this operation to fail
                    type: array
                    items:
                      type: object
                      description: Describes a particular error encountered while performing an operation.
                      properties:
                        id:
                          description: A unique identifier for this particular occurrence of the problem.
                          type: string
                          maxLength: 255
                        status:
                          description: The HTTP status code applicable to this problem, expressed as a
                            string value.
                          type: string
                        code:
                          description: An application-specific error code, expressed as a string value.
                          type: string
                        title:
                          description: A short, human-readable summary of the problem. It **SHOULD NOT**
                            change from occurrence to occurrence of the problem, except for purposes of
                            localization.
                          type: string
                        detail:
                          description: A human-readable explanation specific to this occurrence of the
                            problem.
                          type: string
                        source:
                          type: object
                          description: If this error was caused by a particular part of the API request,
                            the source will point to the query string parameter or request body property
                            that caused it.
                          properties:
                            pointer:
                              description: A JSON Pointer [RFC6901] to the associated entity in the request
                                document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
                                field].
                              type: string
                            parameter:
                              description: A string indicating which query parameter caused the error.
                              type: string
                        error_code:
                          type: integer
                          format: int32
                        message:
                          type: string
                          nullable: true
                      additionalProperties: false
                      title: Error
                    uniqueItems: true
                title: Failure
              example:
                errors:
                - id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
                  status: '403'
                  code: user_unauthorized
                  title: User Access Unauthorized
                  detail: The user 'mcfly' is not allowed to access the 'delorean' resource without the
                    'plutonium' role.
        '429':
          description: Rate Limit Exceeded
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
            X-RateLimit-Limit:
              schema:
                type: integer
              description: The maximum number of requests you're permitted to make per time period.
            X-RateLimit-Remaining:
              schema:
                type: integer
              description: The number of requests remaining in the current rate limit window.
            X-RateLimit-Reset:
              schema:
                type: integer
              description: "The relative time in seconds until the current rate-limit window resets. \
                \ \n  \n**Important:** This differs from Github and Twitter's same-named header which\
                \ uses UTC epoch seconds. We use relative time to avoid client/server time synchronization\
                \ issues."
            Retry-After:
              schema:
                type: integer
              description: The number of seconds to wait until the rate limit window resets. Only sent
                when the rate limit is reached.
        '500':
          description: Oops, something went wrong!
          headers:
            X-Request-Id:
              schema:
                type: string
              description: The unique identifier for the API request.
          content:
            application/json:
              schema:
                type: object
                description: Provides information about problems encountered while performing an operation.
                required:
                - errors
                properties:
                  errors:
                    description: List of errors which caused this operation to fail
                    type: array
                    items:
                      type: object
                      description: Describes a particular error encountered while performing an operation.
                      properties:
                        id:
                          description: A unique identifier for this particular occurrence of the problem.
                          type: string
                          maxLength: 255
                        status:
                          description: The HTTP status code applicable to this problem, expressed as a
                            string value.
                          type: string
                        code:
                          description: An application-specific error code, expressed as a string value.
                          type: string
                        title:
                          description: A short, human-readable summary of the problem. It **SHOULD NOT**
                            change from occurrence to occurrence of the problem, except for purposes of
                            localization.
                          type: string
                        detail:
                          description: A human-readable explanation specific to this occurrence of the
                            problem.
                          type: string
                        source:
                          type: object
                          description: If this error was caused by a particular part of the API request,
                            the source will point to the query string parameter or request body property
                            that caused it.
                          properties:
                            pointer:
                              description: A JSON Pointer [RFC6901] to the associated entity in the request
                                document [e.g. "/spec" for a spec object, or "/spec/title" for a specific
                                field].
                              type: string
                            parameter:
                              description: A string indicating which query parameter caused the error.
                              type: string
                        error_code:
                          type: integer
                          format: int32
                        message:
                          type: string
                          nullable: true
                      additionalProperties: false
                      title: Error
                    uniqueItems: true
                title: Failure
              example:
                errors:
                - id: ed42afdc-f0d5-4c0d-b428-9fc6ed6e279d
                  status: '500'
                  code: out_of_gas
                  title: DeLorean Out Of Gas
                  detail: The DeLorean has run out of gas, but Doc Brown will fill 'er up for you asap
      servers:
      - url: https://api.confluent.cloud
        description: Confluent Cloud API