> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pickupbell.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List API keys

> Only shows key prefixes + scopes — plaintext secrets are never returned.



## OpenAPI

````yaml GET /locations/{locationId}/api-keys
openapi: 3.1.0
info:
  title: PickupBell API
  version: 1.0.0
  description: >
    Public REST surface for PickupBell — the AI receptionist for HVAC, plumbing,
    and home-services contractors.


    All requests authenticate via `Authorization: Bearer <uuid>`. Every response
    is JSON with shape `{ "data": … }` (or `{ "error": { "code", "message",
    "details" } }` on failure).


    Only endpoints an API token can successfully call are documented here.
    UI-only operations (create location, invite member, mint / revoke API key,
    billing checkout / portal) require a user session and are not part of the
    public API.
  contact:
    email: support@pickupbell.com
servers:
  - url: https://api.pickupbell.com
    description: >-
      Production (vanity domain — Vercel rewrite proxies to
      app.pickupbell.com/api/v1)
  - url: https://app.pickupbell.com/api/v1
    description: App-domain alias (works without the rewrite)
  - url: http://localhost:3000/api/v1
    description: Local development
security:
  - bearerAuth: []
tags:
  - name: Me
  - name: Locations
  - name: Members
  - name: API keys
  - name: Agent
  - name: Business hours
  - name: Call forwarding
  - name: FAQs
  - name: Pricebook
  - name: Calls
  - name: Leads
  - name: Bookings
  - name: Insights
  - name: Notifications
  - name: Integrations
  - name: Webhook endpoints
paths:
  /locations/{locationId}/api-keys:
    parameters:
      - $ref: '#/components/parameters/WorkspaceId'
    get:
      tags:
        - API keys
      summary: List API keys issued for this location
      description: Only shows key prefixes + scopes — plaintext secrets are never returned.
      operationId: listApiKeys
      responses:
        '200':
          description: Keys
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/ApiKey'
components:
  parameters:
    WorkspaceId:
      name: locationId
      in: path
      required: true
      schema:
        type: string
      description: Location UUID or slug (e.g. `premier-hvac`).
  schemas:
    ApiKey:
      type: object
      description: The secret is never returned by any list or read endpoint.
      properties:
        id:
          type: string
          format: uuid
        location_id:
          type: string
          format: uuid
        label:
          type: string
        key_prefix:
          type: string
          example: '550e8400'
          description: First 8 chars of the UUID secret.
        scopes:
          type: array
          items:
            $ref: '#/components/schemas/Scope'
        created_at:
          type: string
          format: date-time
        last_used_at:
          type: string
          format: date-time
          nullable: true
        revoked_at:
          type: string
          format: date-time
          nullable: true
    Scope:
      type: string
      enum:
        - locations:read
        - locations:write
        - members:read
        - members:write
        - calls:read
        - calls:write
        - transcripts:read
        - recordings:read
        - leads:read
        - leads:write
        - bookings:read
        - bookings:write
        - insights:read
        - agent:read
        - agent:write
        - faqs:read
        - faqs:write
        - webhooks:admin
        - api_keys:read
        - api_keys:admin
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: uuid
      description: Location-scoped API token from **Settings → API & MCP**.

````