> ## Documentation Index > Fetch the complete documentation index at: https://docs.trulayer.ai/llms.txt > Use this file to discover all available pages before exploring further. # Count active API keys created by a member > Returns the number of non-revoked API keys the target member created within the caller's tenant (TRU-207). The dashboard calls this from the "remove member" confirmation flow to warn owners that deleting the user will orphan the "created by" attribution on the listed keys (the keys themselves survive — the FK is `ON DELETE SET NULL`). Reachable by every authenticated role; the count alone is not sensitive. ## OpenAPI ````yaml /api-reference/openapi.yaml get /v1/members/{id}/key-count openapi: 3.1.0 info: title: TruLayer API version: 0.1.0 description: | Trace ingestion, evaluation, query, and feedback API for TruLayer AI. ### Authentication Two auth schemes coexist: SDK API keys (`Authorization: Bearer tl_...`) and Clerk session JWTs (dashboard). Routes marked "requires Clerk auth" in their summary are unreachable via API key. ### Roles (TRU-234) Dashboard requests carry one of three organization roles: `owner`, `member`, `viewer`. Endpoints enforce role allowlists, not rank comparisons. See `docs/security.md` for the full role-permission matrix. - **owner** — full control including billing, member management, destructive deletes on failure-rules/model-routes/webhooks/eval-rules, control-loop execution, and DLQ resolution. - **member** — read + write (ingest, feedback, evals, API keys, projects, failure-rules, model-routes, webhooks). - **viewer** — read-only dashboard access plus compliance read access to `/v1/audit-log` and `/v1/dlq`. servers: - url: https://api.trulayer.ai description: Production - url: http://localhost:8080 description: Local development security: - BearerAuth: [] tags: - name: health - name: ingest - name: traces - name: metrics - name: feedback - name: evals - name: eval-rules - name: control - name: apikeys - name: model-routes - name: datasets - name: search - name: anomaly - name: webhooks - name: failure-rules - name: eval-runs - name: ci - name: otlp - name: billing - name: deprecations - name: audit - name: failures - name: projects - name: compliance - name: dsr - name: policies - name: members paths: /v1/members/{id}/key-count: get: tags: - members summary: Count active API keys created by a member description: | Returns the number of non-revoked API keys the target member created within the caller's tenant (TRU-207). The dashboard calls this from the "remove member" confirmation flow to warn owners that deleting the user will orphan the "created by" attribution on the listed keys (the keys themselves survive — the FK is `ON DELETE SET NULL`). Reachable by every authenticated role; the count alone is not sensitive. operationId: getMemberKeyCount parameters: - name: id in: path required: true schema: type: string format: uuid responses: '200': description: Active key count content: application/json: schema: $ref: '#/components/schemas/MemberKeyCountResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' components: schemas: MemberKeyCountResponse: type: object required: - active_key_count properties: active_key_count: type: integer minimum: 0 description: | Number of non-revoked API keys the target member created within the caller's tenant (TRU-207). Returns `0` for pre-TRU-207 keys (where `created_by_user_id` is `NULL`) and for members who have not created any keys. ErrorResponse: type: object required: - error properties: error: type: string responses: BadRequest: description: Bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Unauthorized: description: Missing or invalid credentials content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: Resource not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: BearerAuth: type: http scheme: bearer description: SDK API key (`tl_...`) or Clerk session JWT ````