# Scopes attached to the calling key

`GET /v1/_scopes`

- Authentication: required (Bearer token)

Returns the scopes attached to the calling API key plus the key's
identity (UUID, prefix, and environment `live`/`test`). Use this to
verify a key authenticates correctly before issuing real traffic, and
to confirm a recent scope change has taken effect. Any valid key may
call this endpoint — no specific scope is required. Scope changes can
take up to a few minutes to be reflected here.

## Example request

```bash
curl 'https://api.sendops.dev/v1/_scopes' \
  -H "Authorization: Bearer $SENDOPS_API_KEY"
```

## Responses

### 200 — Scopes resolved from the cached API key

Content type: `application/json`

```json
{
  "key_id": "00000000-0000-0000-0000-000000000000",
  "prefix": "sk_live_abc12345",
  "environment": "live",
  "scopes": [
    "string"
  ]
}
```

### 401 — Missing, malformed, or unknown API key

Content type: `application/problem+json`

```json
{
  "type": "https://example.com",
  "title": "string",
  "status": 0,
  "detail": "string",
  "code": "invalid_key",
  "request_id": "string",
  "retry_after": 0,
  "retention_days": 0,
  "scope": "string",
  "resource": "string",
  "errors": [
    {
      "field": "string",
      "reason": "string"
    }
  ]
}
```

### 429 — Per-org rate limit exceeded

Content type: `application/problem+json`

```json
{
  "type": "https://example.com",
  "title": "string",
  "status": 0,
  "detail": "string",
  "code": "invalid_key",
  "request_id": "string",
  "retry_after": 0,
  "retention_days": 0,
  "scope": "string",
  "resource": "string",
  "errors": [
    {
      "field": "string",
      "reason": "string"
    }
  ]
}
```