API Keys
List API Keys
List all active API keys for the authenticated user
GET
Endpoint
Dashboard-only endpoint. Authentication is via the WiseYield browser session (Clerk cookies). It cannot be called from a server-to-server integration today. Use the WiseYield dashboard’s Settings → API Keys page to manage keys; this page documents the wire format that page consumes.
Authentication
Requires a signed-in WiseYield session (Clerk cookies set by the dashboard). The cURL and Bearer examples below illustrate the wire shape but are not directly callable outside the browser —fetch('/api/api-keys', { credentials: 'include' }) from the dashboard is how it’s actually invoked.
Response
Returns list of API keys with usage statistics.Array of API key objects (sorted by creation date, newest first)
Total number of active API keys
Errors
Unauthorized - User not signed in via Clerk
Internal Server Error - Failed to fetch API keys
How It Works
Query Flow:- Authentication: Verifies user is signed in via Clerk
- Database Query: Fetches all API keys where:
userIdmatches authenticated userrevokedAtisnull(not revoked)
- Sorting: Orders by
createdAtdescending (newest first) - Security Masking: Masks full keys using
maskApiKey()function - Response: Returns array of masked keys with metadata
API Key Structure
Key Format
- Prefix:
wy_(WiseYield identifier) - Environment:
liveortest - Random part: 48 hexadecimal characters (24 random bytes)
Environments
Available Scopes
Farm Management:farms:read- View farmsfarms:write- Create and update farms
crops:read- View cropscrops:write- Create and update crops
fields:read- View fieldsfields:write- Create and update fields
analytics:read- View analytics and predictions
tasks:read- View taskstasks:write- Create and update tasks
team:read- View team membersteam:write- Manage team members
webhooks:read- View webhookswebhooks:write- Create and update webhooks
all- Full access to all resources
Use Cases
Display API Keys Table
Check Key Usage
Filter by Environment
Check for Expiring Keys
Best Practices
Security Considerations
Key Storage:- Only SHA-256 hash stored in database
- Prefix stored for identification (first 16 chars)
- Full key never retrievable after creation
- Keys masked in UI:
wy_live_abc123de...**** - Prevents accidental exposure in screenshots
- Safe to display in logs and monitoring
- Keys cannot access resources outside their scopes
allscope grants full access (use cautiously)- Scopes validated on every API request
Related Endpoints
- Create API Key - POST to generate new API key
- Revoke API Key - DELETE to revoke existing key