All requests below will use this key. Your API key is sent directly to api.cueapi.ai and never stored by the docs site.
/v1/auth/keyReveal Default API Key
Reveal the full plaintext of the default API key for the authenticated user. Requires session JWT or another non-revealable bearer.
Reveals the default API key for the authenticated account in plaintext. Used by the dashboard immediately after device-code login so the user can copy their key without seeing it only once at registration.
Note
This endpoint is distinct from the multi-key surface. It always returns the legacy default key (the one stored on the user row). For per-agent or scoped keys minted via POST /v1/auth/keys, the plaintext is returned once at creation and never retrievable later — by design.
Request
curl https://api.cueapi.ai/v1/auth/key \
-H "Authorization: Bearer cue_sk_YOUR_KEY"Response
{
"api_key": "cue_sk_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4",
"key_prefix": "cue_sk_a1b2"
}When the plaintext is unavailable
The default key's plaintext is stored encrypted at rest (separate from the hash used for auth). If the encryption key has been rotated since the user registered, the plaintext can't be recovered:
{
"error": {
"code": "plaintext_unavailable",
"message": "API key plaintext is no longer recoverable. Use POST /v1/auth/key/regenerate.",
"status": 410
}
}In that case the user must rotate via POST /v1/auth/key/regenerate and capture the new plaintext from the rotation response.
Errors
| Status | Code | Cause |
|---|---|---|
| 401 | not_authenticated | Missing/invalid bearer token (or expired session JWT) |
| 410 | plaintext_unavailable | Encryption key was rotated; plaintext unrecoverable |
/v1/auth/key