# Get API key information **GET /_security/api_key** Retrieves information for one or more API keys. NOTE: If you have only the `manage_own_api_key` privilege, this API returns only the API keys that you own. If you have `read_security`, `manage_api_key` or greater privileges (including `manage_security`), this API returns all API keys regardless of ownership. ## Required authorization * Cluster privileges: `manage_own_api_key`,`read_security` ## Servers - http://api.example.com: http://api.example.com () ## Authentication methods - Api key auth ## Parameters #### Query parameters - **id** (string) An API key id. This parameter cannot be used with any of `name`, `realm_name` or `username`. - **name** (string) An API key name. This parameter cannot be used with any of `id`, `realm_name` or `username`. It supports prefix search with wildcard. - **owner** (boolean) A boolean flag that can be used to query API keys owned by the currently authenticated user. The `realm_name` or `username` parameters cannot be specified when this parameter is set to `true` as they are assumed to be the currently authenticated ones. - **realm_name** (string) The name of an authentication realm. This parameter cannot be used with either `id` or `name` or when `owner` flag is set to `true`. - **username** (string) The username of a user. This parameter cannot be used with either `id` or `name` or when `owner` flag is set to `true`. - **with_limited_by** (boolean) Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors. - **active_only** (boolean) A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as `owner` or `name`. If `active_only` is false, the response will include both active and inactive (expired or invalidated) keys. - **with_profile_uid** (boolean) Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists. ## Responses ### 200: #### Body Parameters: application/json (object) - **api_keys** (array[object]) [Powered by Bump.sh](https://bump.sh)