Make unknown-vs-known obvious at first glance
The detail page should not bury the main credential question under secondary metadata.
QI
API Keys Detail
An API key detail page should explain one credential lane as a trust and blast-radius problem: who uses it, where it appears, and why the lane is ordinary or risky.
Use This Page When Asking
Is this credential lane expected and governed, or is it widening blast radius in a way that needs intervention?
Open c6 raw detailLinked sessions
4
One high-signal lane
Org posture
not allowlisted
Main trust break
Repo spread
2 repos
Crosses more than one context
Provider lane
Anthropic
External context path
Why This Detail Matters
Important Metadata
Unknown API key
This key is not in the org allowlist and active use has already triggered an alert.
Key Prefix
sk-ant-...C001
display-safe prefix only
Organization
unknown
Rate Limit (req)
500 / min
Rate Limit (tokens)
50K / min
First Seen
today
Last Seen
22 min ago
What This Detail Should Help Decide
Show connected sessions and repos near the top
A shared key matters because of what else is attached to it.
Keep raw session rows one click away
Once the trust story is framed, the reviewer should be able to verify it in the c6 ledger quickly.
Credential-Centered Topology
An API key map should show who is spending with it, where it is used, and whether it belongs there.
Useful per key: org ownership, allowlist status, sessions, users, endpoints, models, and the anomalies that turn a credential from routine infrastructure into an incident.
API Key
sk-ant-...C001
Unknown credential currently active from an unresolved endpoint.
1 session · $0.61 · 22 min ago
Organization
unknown
Allowlist status
not registered
Current user
unknown (10.0.1.44)
Model in use
claude-sonnet-4-6
Observed With
The main attribution questions.
unknown useridentity unresolved
10.0.1.44unknown endpoint
Claude Code v1.2.0agent
Usage Context
The runtime context of the key.
claude-sonnet-4-6model
1 active sessionin progress
22m durationcurrent run
Known Comparables
How this key differs from normal org credentials.
sk-ant-...A3F2known dev key
sk-ant-...7B91known CI key
qpoint allowlistmissing entry
Response Path
What the visualization should invite next.
security rule firedunknown API key
review session detailtrace activity
rotate or revokecredential action
Representative Event Chain
The page should show how the item participates in a readable sequence, not just a pile of supporting rows.
- 1
Appearance
A new prefix appears in active work without matching allowlist context
The category story should immediately distinguish a weakly explained credential lane from established keys.
sk-ant-...C001unknown allowlist status - 2
Sharing
The key connects more than one session or code context
Reuse is what turns a credential from a row in inventory into a blast-radius question.
shared lane2 repos - 3
Consequence
Sensitive files or important sessions make the key matter faster
The detail page should show where the credential sits beside consequential work rather than forcing the reviewer to discover that by hand.
auth-servicesession detail - 4
Decision
The reviewer decides whether to contain or reclassify the lane
The next move is either to confirm ownership or reduce scope before the lane spreads farther.
suspend keyconfirm owner
c6 Evidence Tables
Sessions Using This Key
c6 makes the current user, agent, and endpoint relationship explicit.
| User | Agent | Endpoint | Cost | Status |
|---|---|---|---|---|
| unknown | Claude Code v1.2.0 | 10.0.1.44 | $0.61 | active |
| sandbox-evals | Claude Code v1.2.0 | 10.0.1.17 | $2.37 | flagged |
Return To Category
Compare this representative detail against the full category framing and drill targets.
Open API Keys overviewOpen c6 Raw Detail
Use the original detail page for exact raw evidence after the c12 story framing.
Open c6 raw detailOpen c6 Raw List
Compare this item against the broader c6 entity ledger once the representative story is clear.
Open c6 raw list