List the org's API keys
Secret-free projection only — never the hash, never the plaintext. Any session role may list.
承認
The dashboard's signed, HttpOnly session cookie (packages/service/src/auth.ts): base64url(payload).base64url(hmac-sha256), absolute 30-day lifetime, SameSite=Lax, Secure on any TLS deployment. Minted by POST /api/auth/signup or POST /api/auth/login (or, outside production, auto-provisioned by GET /api/session). Because it is HttpOnly, it cannot be read or attached by a browser-based API-reference "Try it" panel across origins — exercise these routes with a real logged-in browser session or a cookie-jar HTTP client.
レスポンス
The org's keys.