Get Agent Api Key
Return metadata for the agent’s currently active API key.
Returns the public-safe prefix and a display-only masked_key.
The plaintext secret is unrecoverable by design — if the owner has
lost it, they must POST to rotate.
Args: agent_id: Path parameter. current_user: Resolved from JWT. db: SQLAlchemy session.
Returns:
:class:APIKeyMetadataResponse with key_prefix, masked_key,
and created_at.
Raises:
HTTPException 401: missing or invalid JWT.
HTTPException 404: agent missing / not owned; or owned but has no
active key. Both shapes use the same status code so the
caller cannot distinguish “agent doesn’t exist” from “no key
generated yet”. The detail differentiates so the UI can
render “未生成” instead of “agent not found”.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
Response
Successful Response
Response model for GET /api/agents/{agent_id}/api-key.
Returned only when an active (non-revoked) key exists for the agent;
callers receive HTTP 404 with detail='no_active_key' otherwise.
Crucially, full_key is not part of this shape -- the
plaintext secret is unrecoverable post-generation by design.
Public-safe 6-char lookup handle of the active key.
Display form xag_<prefix>_•••••••• with a fixed eight bullet characters. The bullet count does not reflect the secret's real length (32 chars) by design.
UTC timestamp when the active key was created.