Layers
Partner APIAPI referenceOrganizations

GET /v1/whoami

Introspect the API key — organization, rate-limit tier, kill-switch.

View as Markdown
GET/v1/whoami
Phase 1stable
Auth
X-Api-Key

Resolves the API key to its organization and returns a small payload you can use to fail fast if the key is misconfigured. Treat this as a cheap liveness probe, a boot-time sanity check, and the canonical way to render "you are authenticated as" in your UI.

A key is bound to exactly one Layers organization. If the org has been revoked (apiAccessRevoked: true) or the key was killed (killSwitch: true), downstream calls return 503 KILL_SWITCHwhoami lets you detect that before making any other call.

Headers
  • X-Api-Key
    stringrequired
    Partner API key. Format lp_<env>_<key_id>_<secret>. Authorization: Bearer <key> is accepted as a fallback.

Example request

curl https://api.layers.com/v1/whoami \
  -H "X-Api-Key: $LAYERS_API_KEY"
const res = await fetch("https://api.layers.com/v1/whoami", {
  headers: { "X-Api-Key": process.env.LAYERS_API_KEY! },
});
const me = await res.json();
import os, requests

res = requests.get(
    "https://api.layers.com/v1/whoami",
    headers={"X-Api-Key": os.environ["LAYERS_API_KEY"]},
)
me = res.json()

Response

200OK
{
  "organizationId": "2481fa5c-a404-44ed-a561-565392499abc",
  "workspaceId": "2481fa5c-a404-44ed-a561-565392499abc",
  "organizationName": "Acme Growth",
  "scopes": [],
  "rateLimitTier": "standard",
  "killSwitch": false,
  "apiAccessRevoked": false,
  "apiKeyId": "c2037bb9-354d-4662-96b7-97a28ad6b6e1",
  "creditBalance": 2540
}

Field notes

  • organizationId and workspaceId are UUIDs. Today they resolve to the same value for partner keys; a future workspace split may diverge them.
  • scopes is present for forward-compat. Partner keys today carry org-level access and the list is returned empty. A future release will populate this with the granular scope set — don't key behavior off length until then.
  • rateLimitTier reflects the key's bucket. standard is the default for self-serve partner keys; higher tiers (pilot, partner) are provisioned by Layers for design-partner and enterprise accounts. The fourth value, internal, identifies Layers-owned keys (admin tooling, internal dashboards) — partners will never see this on a self-serve key but the field is typed against the full enum, so don't hard-error on unknown values.
  • killSwitch and apiAccessRevoked are the two "stop the world" signals. If either is true, stop issuing requests and page your Layers contact.
  • apiKeyId is safe to log — it's the public identifier of the key used for rate-limit attribution.
  • creditBalance is the org's full wallet — includedRemaining + prepaidBalance at call time. Use this to gate a generate call without a second RTT to GET /v1/credits. Poll /credits directly when you need the detailed breakdown (per-format estimates, billing period, ingest-cost flags).

Response headers

Every response carries:

  • X-Request-Id: req_<ulid> — echo in your logs when filing a support ticket.
  • X-Layers-Api-Version: v1 — informational.
  • X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Endpoint-Class, X-RateLimit-Tier. See rate limits.

Errors

StatusCodeWhen
401UNAUTHENTICATEDMissing, malformed, or unrecognized key.
402BILLING_EXHAUSTEDOrg's plan does not include partner API access. details.minTier names the required tier.
503KILL_SWITCHKey or organization has been disabled. The error message names the reason.

See also

Organizations

Resolve your API key back to its organization, credit balance, and rate-limit tier.

API keys

Self-serve key lifecycle — rotate on a schedule, delete when decommissioning a service, kill immediately on a suspected leak.

On this page

Example requestResponseField notesResponse headersErrorsSee also