# Get project key Return a project API key by ID. Endpoint: GET /projects/{project_id}/keys/{key_id} Version: 0.23.8 Security: Auth ## Path parameters: - `project_id` (string, required) Unique identifier (UUID) of the project. Example: "550e8400-e29b-41d4-a716-446655440000" - `key_id` (string, required) UUID of the key, as returned by the create or list endpoint for this resource. Not the raw secret. Example: "550e8400-e29b-41d4-a716-446655440000" ## Response 200 fields (application/json): - `item` (object, required) A project-scoped API key. The raw secret is only shown at creation. - `item.id` (string, required) Unique key identifier. - `item.name` (string, required) Human-readable key name. - `item.key_preview` (string, required) First 6 characters of the random body, i.e. the 6 characters immediately after the vilna_{type}_ prefix. For raw key vilna_api_a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5 the preview is a1B2c3. Safe to display in UIs for identifying a key without exposing the secret. - `item.permissions` (array, required) Raw permission strings granted to the key. Enum: "api:address:read", "api:address:write", "api:address:delete", "api:transaction:read", "api:blockchain:read", "api:balance:read", "api:asset:read", "api:asset:write", "api:simulate:call", "api:subscription:read", "api:subscription:write", "api:subscription:delete", "api:channel:read", "api:channel:write", "api:channel:delete", "api:public_key:read", "api:public_key:write", "api:public_key:delete", "api:invoice:read", "api:invoice:write", "api:invoice:delete", "api:token_group:read", "api:token_group:write", "api:token_group:delete", "api:address_group:read", "api:address_group:write", "api:address_group:delete" - `item.created_at` (string, required) Timestamp when the resource was created. RFC 3339 / ISO 8601, UTC. - `item.expires_at` (string) Timestamp when the resource expires. RFC 3339 / ISO 8601, UTC. Absent if the resource never expires. - `item.revoked_at` (string) Timestamp when the resource was revoked. RFC 3339 / ISO 8601, UTC. Absent if the resource is active. - `item.last_used_at` (string) Timestamp of the most recent successful authentication with this key. RFC 3339 / ISO 8601, UTC. Absent until the key has been used at least once. - `item.workspace_id` (string, required) Workspace the key's project belongs to. Populated for convenience; always matches the project's workspace. - `item.project_id` (string, required) Project this key is scoped to. ## Response 401 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/unauthorized" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Unauthorized" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 401 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "Missing or invalid authentication credentials" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "auth.unauthorized" ## Response 403 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/forbidden" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Forbidden" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 403 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "You do not have permission to perform this action" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "chain.not_allowed" ## Response 404 fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. Example: "https://docs.vilna.io/apis/problems/not-found" - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. Example: "Not Found" - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. Example: 404 - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. Example: "The requested resource was not found" - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code. Example: "blockchain.not_found" ## Response default fields (application/problem+json): - `type` (string, required) A URI that identifies the error type. Open it in a browser to read about this category of error. - `title` (string, required) A short summary of the error type. Use detail for information specific to this occurrence. - `status` (integer, required) The HTTP status code for this error. Matches the status code of the HTTP response. - `detail` (string) A human-readable explanation of what went wrong in this specific case. May be localized. - `instance` (string) A URI that identifies this specific error occurrence. Include this value when contacting support. - `code` (string, required) Stable machine-readable error code ({domain}.{reason}) for programmatic error handling. Unlike the HTTP status or free-form detail, this code is guaranteed not to change between versions for a given error condition, so it is safe to branch on in client code. Defaults to unspecified when the server has not assigned a specific code.