GET /auth/pubkeys

List session keys registered to a merchant address. Useful when rotating keys: read the registry, register the new key, then deregister the old one.

Request

GET /auth/pubkeys?owner=0xMerchant…

Query	Required	Notes
`owner`	yes	The merchant address whose registered keys you want.

Strict-auth deployments require the session-signed headers; soft-auth treats them as optional but still validates them when present.

Response

200 OK

{
  "ownerAddress": "0xMerchant…",
  "pubkeys": [
    {
      "publicKey": "0x04abc…",
      "registeredAt": 1730393820,
      "expiresAt": 1738169820,
      "lastSeenNonce": 1730450123456
    }
  ]
}

lastSeenNonce is the highest nonce the server has accepted for that key — your next signed call must use a strictly greater value.

GET /auth/pubkeys

Request​

Response​

Request

Response