# GET /v1/whoami (/docs/api/reference/organizations/whoami)
Resolves the API key to its organization and returns a small payload you can use to fail fast if the key is misconfigured. Treat this as a cheap liveness probe, a boot-time sanity check, and the canonical way to render "you are authenticated as" in your UI.
A key is bound to exactly one Layers organization. If the org has been revoked (`apiAccessRevoked: true`) or the key was killed (`killSwitch: true`), downstream calls return `503 KILL_SWITCH` — `whoami` lets you detect that before making any other call.
## Example request [#example-request]
```bash
curl https://api.layers.com/v1/whoami \
-H "X-Api-Key: $LAYERS_API_KEY"
```
```ts
const res = await fetch("https://api.layers.com/v1/whoami", {
headers: { "X-Api-Key": process.env.LAYERS_API_KEY! },
});
const me = await res.json();
```
```python
import os, requests
res = requests.get(
"https://api.layers.com/v1/whoami",
headers={"X-Api-Key": os.environ["LAYERS_API_KEY"]},
)
me = res.json()
```
## Response [#response]
```json
{
"organizationId": "2481fa5c-a404-44ed-a561-565392499abc",
"workspaceId": "2481fa5c-a404-44ed-a561-565392499abc",
"organizationName": "Acme Growth",
"scopes": [],
"rateLimitTier": "standard",
"killSwitch": false,
"apiAccessRevoked": false,
"apiKeyId": "c2037bb9-354d-4662-96b7-97a28ad6b6e1",
"creditBalance": 2540
}
```
### Field notes [#field-notes]
* `organizationId` and `workspaceId` are UUIDs. Today they resolve to the same value for partner keys; a future workspace split may diverge them.
* `scopes` is present for forward-compat. Partner keys today carry org-level access and the list is returned empty. A future release will populate this with the granular scope set — don't key behavior off length until then.
* `rateLimitTier` reflects the key's bucket. `standard` is the default for self-serve partner keys; higher tiers (`pilot`, `partner`) are provisioned by Layers for design-partner and enterprise accounts. The fourth value, `internal`, identifies Layers-owned keys (admin tooling, internal dashboards) — partners will never see this on a self-serve key but the field is typed against the full enum, so don't hard-error on unknown values.
* `killSwitch` and `apiAccessRevoked` are the two "stop the world" signals. If either is `true`, stop issuing requests and page your Layers contact.
* `apiKeyId` is safe to log — it's the public identifier of the key used for rate-limit attribution.
* `creditBalance` is the org's full wallet — `includedRemaining + prepaidBalance` at call time. Use this to gate a generate call without a second RTT to [`GET /v1/credits`](/docs/api/reference/credits/get-credits). Poll `/credits` directly when you need the detailed breakdown (per-format estimates, billing period, ingest-cost flags).
## Response headers [#response-headers]
Every response carries:
* `X-Request-Id: req_` — echo in your logs when filing a support ticket.
* `X-Layers-Api-Version: v1` — informational.
* `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`, `X-RateLimit-Endpoint-Class`, `X-RateLimit-Tier`. See [rate limits](/docs/api/operational/rate-limits).
## Errors [#errors]
| Status | Code | When |
| ------ | ------------------- | ------------------------------------------------------------------------------------------ |
| 401 | `UNAUTHENTICATED` | Missing, malformed, or unrecognized key. |
| 402 | `BILLING_EXHAUSTED` | Org's plan does not include partner API access. `details.minTier` names the required tier. |
| 503 | `KILL_SWITCH` | Key or organization has been disabled. The error message names the reason. |
## See also [#see-also]
* [Authentication](/docs/api/getting-started/authentication) — key format, header precedence, rotation.
* [API keys](/docs/api/concepts/api-keys) — lifecycle, revocation, kill-switch.
* [Rate limits](/docs/api/operational/rate-limits) — tier quotas and 429 handling.