List website keys

GET https://datafa.st/api/v1/admin/websites/{websiteId}/apikeys

List df_ website API keys for one website. Returns masked keys only. Mobile app and WooCommerce integration keys are excluded.

A df_ key scoped to the same website can call this endpoint.

Request

Path parameters

websiteId

string

Website ObjectId. From List websites (_id field). Example: 665f0b3c4d2e1a0012345678.

Response

Returns a JSON object with status: "success" and endpoint-specific fields in data.

Response fields

data[]._id

string

Website API key ObjectId.

data[].name

string|null

Human-readable name for the resource or event. The exact meaning depends on the endpoint.

data[].displayKey

string

Masked key shown in the dashboard.

data[].websiteId

string

Website ObjectId used by account tokens to choose which website to query or manage.

data[].lastUsedAt

string|null

Last usage timestamp.

data[].createdAt

string

Creation timestamp.

data[].key

string

Only returned when creating or rolling a key. Full raw key shown once.

Authentication

Use a dft_ account token with api-keys:read.

A df_ website API key for the same website can also call this route when the path websiteId matches the key's website. Write access with a df_ key is capped at member level — owner-only actions such as team management require a dft_ token and owner role.

Errors

See API errors for the standard error envelope, auth failures, validation errors, permission errors, and rate limits.

✍️ Something missing? Suggest features.

🤖 AI agent or LLM? Read this page as markdown

{ "status": "success", "data": [{ "_id": "665f0b3c4d2e1a0012345678", "name": "Production key", "displayKey": "df_ab12...xyz9", "websiteId": "665f0b3c4d2e1a0012345678", "lastUsedAt": null, "createdAt": "2026-05-21T00:00:00.000Z" }] }