Introspect the integration key.
const url = 'https://shiftagent.example.com/integration/self';const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://shiftagent.example.com/integration/self \ --header 'Authorization: Bearer <token>'Returns the calling key’s principal: its root tenant, granted scopes, and the registered per-tenant approver keys (public metadata only — key IDs and algorithms, never secret material). Lets an adapter verify its configuration and discover its root tenant without any local state.
Authorizations
Section titled “Authorizations ”Responses
Section titled “ Responses ”The key principal.
The integration key’s identity, introspected.
object
The service key’s ID (not the secret).
Human-assigned key name.
Root of the key’s subtree — every tenant it provisions is a child of this tenant.
Coarse grants, e.g. tenants:write, users:write, roles:write, repositories:write, conversations:read_all, conversations:write.
Approver keys registered for this integration’s tenants (public metadata only).
Public metadata of a registered per-tenant approver key (registered out-of-band; secret material never exposed).
object
Referenced by ApprovalSignature.key_id.
Signature algorithm this key verifies.
RFC 3339 / ISO 8601 timestamp, UTC.
Examples
Adapter service key introspection
{ "object": "integration_principal", "key_id": "key_01hzx8int001", "name": "host-adapter", "root_tenant_id": "tnt_01hzx8root001", "scopes": [ "tenants:write", "users:write", "roles:write", "repositories:write", "conversations:read_all", "conversations:write" ], "approver_keys": [ { "key_id": "apk_01hzx8host001", "algorithm": "hmac-sha256", "created_at": "2026-07-01T12:00:00Z" } ]}Missing or invalid credentials — no bearer token, an unknown/revoked sk_int_ key, or an expired platform JWT.
RFC 9457 problem+json error envelope. type is a URI under https://shiftagent.example.com/problems/{slug} (deployment host substituted); see the API-level problem registry for every slug.
object
Problem type URI (registry slug).
Short, human-readable summary of the problem type.
HTTP status code.
Human-readable explanation specific to this occurrence.
URI reference identifying this occurrence.
Correlation ID for support and log lookup.
On name-conflict, external-id-conflict, and resource-in-use: the ID of the existing/depended-on resource — fetch it and continue (replay recovery).
On validation-error, field-level details.
object
JSON pointer to the offending field.
What failed.
Examples
Missing or invalid bearer token
{ "type": "https://shiftagent.example.com/problems/insufficient-scope", "title": "Unauthorized", "status": 401, "detail": "Provide a valid sk_int_ service key or platform JWT.", "request_id": "req_01hzx8auth001"}