Key Introspection
A single endpoint that validates the caller's API key and returns who it belongs to: organization, tenant, the key's own metadata, and its effective rate limit.
GET
/meWho am IValidates the caller's API key (any scope) and returns who it belongs to: the organization (name, domain, plan tier), tenant, the key's own metadata, and its effective rate limit. A 200 proves the key authenticates; the SDKs' validate() targets this endpoint. Never returns sibling keys, dashboard users, billing internals, or IP rules, so a stolen key learns nothing here that widens its blast radius. Responses are sent with Cache-Control: no-store.
GET /me
Authorization: Bearer invoance_live_xxx