User ManagementUsers
Review User-Owned API Keys
Inspect user-scoped runtime credentials from the user detail page.
Review User-Owned API Keys
User-owned keys are runtime credentials. They must be reviewed separately from the user's UI role.
For key behavior, see Virtual API Keys. For model grants, see Models. For MCP grants, see MCP Servers.
Open the user detail page.
Find the API Keys section.
Review active keys owned by the user.
Open any key that needs deeper inspection.
Check model access, MCP access, expiry, rotation status, budgets, quotas, and usage.