Jump To Category Page

Jump To Representative Detail

API Keys Category View

API key inventory should quickly separate known credential lanes from unknown or weakly governed ones, then show how broadly each lane is shared.

The category page should make credential posture obvious: whether the key is known, who shares it, and which sessions or repos make it consequential.

Use This Page When Asking

Which credential lanes are unknown, weakly governed, or shared too broadly?

Representative Detail

sk-ant-...C001

Open representative detail

Keys observed

One unknown lane

Shared lanes

Reuse changes blast radius

Unknown key sessions

Already driving alerts

Fastest drill

unknown prefix

Trust question first

Why This Page Exists

This category page should help the reviewer decide what matters in api keys before the raw table takes over the reading experience.

What This Page Should Make Obvious

The reviewer should know what is routine, what is risky, and what deserves the next click.

Credential status should dominate the category page

Known versus unknown is more important than rate limit or first-seen metadata.

Show lane sharing clearly

A reused key matters because it can widen consequence across people, repos, and sessions.

Preserve raw usage tables as follow-up evidence

The refined page should still point to exact sessions, spend, and timing after the trust framing.

Fastest Drill Paths

The next clicks should feel obvious and intentional.

Unknown key lane

One unregistered key now participates in a live security story.

Open representative detail

Best first page for quickly answering whether the lane is approved or truly unknown.

Raw key inventory

The plain list still helps confirm org scope, rate limits, and first/last seen values.

Open c6 raw list

Reviewers will want the canonical ledger after the trust framing.

Credential-Centered Topology

An API key map should show who is spending with it, where it is used, and whether it belongs there.

Useful per key: org ownership, allowlist status, sessions, users, endpoints, models, and the anomalies that turn a credential from routine infrastructure into an incident.

API Key

sk-ant-...C001

Unknown credential currently active from an unresolved endpoint.

1 session · $0.61 · 22 min ago

Organization

unknown

Allowlist status

not registered

Current user

unknown (10.0.1.44)

Model in use

claude-sonnet-4-6

Observed With

The main attribution questions.

3 nodes

unknown useridentity unresolved

10.0.1.44unknown endpoint

Claude Code v1.2.0agent

Usage Context

The runtime context of the key.

3 nodes

claude-sonnet-4-6model

1 active sessionin progress

22m durationcurrent run

Known Comparables

How this key differs from normal org credentials.

3 nodes

sk-ant-...A3F2known dev key

sk-ant-...7B91known CI key

qpoint allowlistmissing entry

Response Path

What the visualization should invite next.

3 nodes

security rule firedunknown API key

review session detailtrace activity

rotate or revokecredential action

c6 Raw Reference

c6 shape: risk banner, count strip, map, then key-by-key ledger.

1 unknown API key

sk-ant-...C001 is not in the org allowlist and has an active session.

Keys observed

Unknown keys

Immediate review

Primary org

qpoint-dev

Live unknown spend

$0.61

Why Keep The Raw Ledger

c12 should still flow back into the raw inventory model. This page frames the question and likely answer; the raw table proves it.

Open c6 Raw List

Use the original category ledger for exact rows, counts, and timestamps.

Open c6 raw list

Raw API Key Inventory

Prefix, organization, sessions, spend, status, and last seen.

Key prefix	Organization	Sessions	Total cost	Status
sk-ant-...A3F2	qpoint-dev	33	$47.20	known
sk-ant-...7B91	qpoint-ci	11	$0.82	known
sk-ant-...C001	unknown	1	$0.61	unknown