List Keys
GET /cdp/keys — list a brand’s keys. Returns display-safe metadata only — never a hash or
plaintext.
Request
Section titled “Request”GET /cdp/keysQuery parameters
Section titled “Query parameters”| Param | Type | Required | Description |
|---|---|---|---|
brand_id | string | staff only | Target brand. Staff may list any brand; a non-staff brand-admin always lists their own brand (a different brand_id is rejected 403). |
Response 200
Section titled “Response 200”{ "keys": [ { "id": "key_abc", "key_prefix": "vyg_AbCd", "brand_id": "brand-uuid", "is_staff": false, "expires_at": null, "revoked_at": null, "created_at": "2026-01-15T00:00:00.000Z" } ]}Each entry is a display-safe record: id, key_prefix, brand_id, is_staff,
expires_at, revoked_at, created_at. The plaintext key is never included here — it is
only ever returned once, at issue or
rotate.
Example
Section titled “Example”curl -s "https://cdp.vyg.app/cdp/keys" \ -H "Authorization: Bearer <session-credential>"Errors
Section titled “Errors”| Status | When |
|---|---|
401 | Missing or invalid credential. |
403 | An API key was used for management; a non-staff caller targeted another brand; or no connected Shopify integration resolves a scope for the brand. |
405 | Unsupported method. |
500 | Brand-scope resolution failed. |
See Errors for the full envelope.