Identity

Inspect the api-key and its scope

GET/whoami

Returns the identity of the api-key holder and, when the key has catalogue access, the access scope (group + permissions).

Use this as the first call from any new integration to verify the key is active (cmsAccess: true) and that imageProviderDefault matches what you expect.

X-Api-Key<token>

Issued to you when your integration is provisioned. Determines which catalogue resources are visible and which AI tools are available.

In: header

Query Parameters

detailed?"1"

When set to 1, the permissions array also includes the (potentially noisy) field-level permission codes. Omit unless you're debugging.

Value in

  • "1"

Response Body

application/json

application/json

curl -X GET "https://example.com/whoami"
{  "data": {    "apiUser": {      "ref": 1,      "username": "customer_external_api",      "accountName": "Customer External API",      "enabled": true,      "linkedUserRef": 0    },    "cmsUser": {      "ref": 1024,      "username": "api_service_account",      "usergroup": 12,      "usergroupName": "API consumers",      "isAdmin": true,      "permissions": [        "string"      ]    },    "cmsAccess": true,    "imageProviderDefault": "openai"  }}

{  "success": false,  "status": "fail",  "message": "API key is required",  "error": {    "code": "NO_API_KEY",    "message": "API key is required"  }}