# List key metadata



## OpenAPI

````yaml /alakazam-v1.yaml get /v1/apps/{id}/keys
openapi: 3.1.0
info:
  title: Alakazam — Programmable Worlds API
  version: '1.0'
  description: >
    **Alakazam is the programmable worlds API.** Generate playable, AI-rendered
    worlds from a prompt or an image, program their logic, and embed them in
    your own products and games.


    A world is *programmable*: a live graph of states and events you generate,
    then read, edit, fork, drive, and react to through the API. Two surfaces: a
    **Creation API** (generate, read, manage, fork worlds) and a **Runtime/Embed
    API** (mint short-lived session tokens your end-users' browsers use to boot
    an embedded world).


    **Authentication.** Two schemes. Management endpoints (`/v1/apps*`) use your
    Supabase user session. Data endpoints use an **API key** issued per app:
    `pk_…` (publishable, browser-safe, read + embed) and `sk_…` (secret,
    server-only, create worlds + mint sessions). Never ship a secret key to a
    browser.


    **Usage & quota.** Generations and session mints are metered per app and
    reserved before any GPU spend; exceeding the daily quota returns `402`.
servers:
  - url: https://api.alakazam.gg
    description: Production (placeholder — set to your conjure-service host)
security: []
tags:
  - name: Apps & Keys
    description: >-
      Create apps (tenants) and manage API keys. Authenticated with your user
      session.
  - name: Worlds
    description: >-
      Create, read, manage, and fork SMWorld games. Authenticated with an API
      key.
  - name: Graph editing
    description: >
      Read and program a world's graph — states (nodes), events (edges), and the
      entrance — with deterministic CRUD, a batch op vocabulary, a
      natural-language kernel-agent edit, and the kernel validate/lint gate.
      Every write is validated fail-closed before it persists. Authenticated
      with an API key.
  - name: Versions
    description: >
      Snapshot, branch, check out, and diff a world's graph. Versions form a
      branching tree of full snapshots; a HEAD pointer tracks the working graph.
      Authenticated with an API key.
  - name: Characters
    description: >
      Create, manage, and talk to characters — a SMWorld subtype that pairs a
      stance-graph with a "brain" (persona, lore, voice). CRUD is authenticated
      with an API key; the live talk turn (/say) and voice (/tts) are called
      from the browser with a short-lived session token.
  - name: Sessions
    description: Mint short-lived runtime tokens for embedding a world.
  - name: Usage
    description: Per-app usage and quota.
  - name: Webhooks
    description: >-
      Register HTTPS endpoints to receive signed server-side event
      notifications. Managed with your user session.
paths:
  /v1/apps/{id}/keys:
    get:
      tags:
        - Apps & Keys
      summary: List key metadata
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Key metadata (never the secret)
          content:
            application/json:
              schema:
                type: object
                properties:
                  keys:
                    type: array
                    items:
                      $ref: '#/components/schemas/KeyMetadata'
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - UserAuth: []
components:
  schemas:
    KeyMetadata:
      type: object
      properties:
        id:
          type: string
          format: uuid
        prefix:
          type: string
        last4:
          type: string
        kind:
          type: string
          enum:
            - publishable
            - secret
        mode:
          type: string
          enum:
            - test
            - live
        scopes:
          type: array
          items:
            type: string
        name:
          type: string
        created_at:
          type: string
          format: date-time
        last_used_at:
          # OpenAPI 3.1 dropped `nullable`; a nullable value is a type union.
          type:
            - string
            - 'null'
          format: date-time
        revoked_at:
          type:
            - string
            - 'null'
          format: date-time
    Error:
      type: object
      properties:
        detail:
          type: string
          description: Human-readable error message.
        errors:
          type: array
          items:
            type: string
          description: Field-level validation errors (e.g. on 422 from POST /v1/worlds).
        schemaVersion:
          type: string
      required:
        - detail
  securitySchemes:
    UserAuth:
      type: http
      scheme: bearer
      description: A Supabase user access token (for app/key management).

````
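
A key-hygiene review over this endpoint's `200` body, as an added example (not Alakazam's own code): it flags active secret keys that are idle or were never used, and any property outside the `KeyMetadata` schema, since the response is documented as metadata only. The 90-day threshold, the sample body, the clock and the `key_hash` property are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Property names from the KeyMetadata schema on this page.
KEY_FIELDS = {"id", "prefix", "last4", "kind", "mode", "scopes", "name",
              "created_at", "last_used_at", "revoked_at"}

def _ts(value):
    """Parse a date-time string; null (None) stays None."""
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(body, now, stale_after=timedelta(days=90)):
    """Return (key id, finding) pairs for one 200 response body.
    stale_after is an assumed policy value, not an API setting."""
    findings = []
    for key in body.get("keys", []):
        kid = key.get("id", "<no id>")
        extra = sorted(set(key) - KEY_FIELDS)
        if extra:  # the response is documented as metadata only
            findings.append((kid, "unexpected field: " + ", ".join(extra)))
        if key.get("revoked_at") is not None or key.get("kind") != "secret":
            continue  # only active secret keys get the idle review
        created, last_used = _ts(key.get("created_at")), _ts(key.get("last_used_at"))
        if last_used is None:
            if created is not None and now - created > stale_after:
                findings.append((kid, "active secret key, never used"))
        elif now - last_used > stale_after:
            findings.append((kid, "active secret key, idle"))
    return findings

# Constructed sample response and clock (not real keys or real output).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = {"keys": [
    {"id": "00000000-0000-0000-0000-000000000001", "kind": "secret", "mode": "live",
     "created_at": "2024-01-10T09:00:00Z", "last_used_at": "2024-02-01T12:00:00Z",
     "revoked_at": None},
    {"id": "00000000-0000-0000-0000-000000000002", "kind": "secret", "mode": "test",
     "created_at": "2025-05-20T09:00:00Z", "last_used_at": None, "revoked_at": None},
    {"id": "00000000-0000-0000-0000-000000000003", "kind": "publishable", "mode": "live",
     "created_at": "2023-03-01T09:00:00Z", "last_used_at": "2023-03-02T09:00:00Z",
     "revoked_at": None},
    {"id": "00000000-0000-0000-0000-000000000004", "kind": "secret", "mode": "live",
     "created_at": "2024-06-01T09:00:00Z", "last_used_at": None, "revoked_at": None},
    {"id": "00000000-0000-0000-0000-000000000005", "kind": "secret", "mode": "live",
     "created_at": "2024-01-01T09:00:00Z", "last_used_at": "2024-01-05T09:00:00Z",
     "revoked_at": "2024-03-01T09:00:00Z", "key_hash": "constructed"},
]}

if __name__ == "__main__":
    for kid, finding in audit_keys(SAMPLE, NOW):
        print(kid, finding)
```
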