> ## Documentation Index > Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt > Use this file to discover all available pages before exploring further. # Check OAuth API key existence > Check whether an OAuth-issued API key already exists for the authenticated user and OAuth2 client pair. ## Authentication OAuth 2.0 Bearer token. Required scope: `apikeys.read`. See [Authentication](/api-reference/authentication). The endpoint is available on `https://whitebit.com` only. ## Cache No caching. ## Notes Use the decision matrix below to interpret the `(exists, isEnabled)` response and choose the next action. | `exists` | `isEnabled` | Meaning | Recommended action | | -------- | ----------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | | `false` | `false` | No partner-issued API key exists for this `(user, OAuth2 client)` pair. | Start the OAuth API key flow. | | `true` | `true` | An active partner-issued API key already exists. | Skip the OAuth API key flow. Surface "an active API key for this partner already exists" to the user. | | `true` | `false` | A disabled partner-issued API key exists (post-inactivity, awaiting user-side deletion). | Skip the OAuth API key flow. Ask the user to delete the disabled key from the WhiteBIT dashboard, then retry. | * Call the endpoint before redirecting the user to the OAuth authorization screen. Skipping the redirect when a key already exists avoids a flow the platform rejects. * Disabled keys are not deletable through the OAuth2 partner endpoint. Disabled keys are removed by the user from the WhiteBIT dashboard. * See [Retrieve OAuth API key secret](/api-reference/oauth/usage/api-key-secret) for the secret-fetch step and [Delete OAuth API key](/api-reference/oauth/usage/api-key-delete) for partner-initiated revocation. ## OpenAPI ````yaml /openapi/oauth2.yaml GET /oauth2/api-key/info openapi: 3.0.3 info: title: OAuth 2.0 API Reference description: WhiteBIT OAuth 2.0 API for authentication and account management version: 1.0.0 servers: - url: https://whitebit.com description: WhiteBIT Global Server - url: https://whitebit.eu description: WhiteBIT EU Server security: [] tags: - name: Authentication description: > OAuth 2.0 authentication endpoints for obtaining and refreshing access tokens. Available Scopes (requested during client setup): - general: General API access - show.userinfo: Access to basic user information - users.read: Read user data - users.email.read: Read user email information - users.kyc.read: Information about whether a user has passed KYC verification - orders.read: Read trading orders - orders.create: Create trading orders - orders.delete: Delete trading orders - balances.read: Read account balances - markets.read: Read market information - deals.read: Read trading deals - orders_history.read: Read order history - users.transactions.read: Read user transactions - users.converts.read: Read currency conversion history - users.balances.read: Read user account balances - users.orders.read: Read user orders - users.deals.read: Read user deals - apikeys.create: Issue an OAuth-bound API key during the consent flow - apikeys.read: Read OAuth-issued API key state and retrieve its secret once - apikeys.delete: Delete an OAuth-issued API key linked to the partner - name: Account Endpoints description: >- Endpoints for retrieving account information, balances, and transaction history - name: OAuth API Keys description: > Partner-facing endpoints for managing API keys created via the OAuth API key flow. Available on the global server (`https://whitebit.com`) only. The EU server (`https://whitebit.eu`) does not expose these endpoints in this release. Required scopes: - `apikeys.read` for `GET /oauth2/api-key/info` and `GET /oauth2/api-key/{externalId}/secret` - `apikeys.delete` for `DELETE /oauth2/api-key/{externalId}` paths: /oauth2/api-key/info: get: tags: - OAuth API Keys summary: Check OAuth API key existence description: > The endpoint returns whether a partner-issued API key already exists for the authenticated user and OAuth2 client pair. Use the endpoint before redirecting the user to the OAuth API key flow — when a key already exists, skip the redirect and surface the appropriate message to the user. **Required scope:** `apikeys.read`. **Region availability:** The endpoint is available on the global server (`https://whitebit.com`) only. responses: '200': description: Successful response content: application/json: schema: type: object properties: data: type: object properties: exists: type: boolean description: >- A partner-issued API key exists for the authenticated user and OAuth2 client pair. example: true isEnabled: type: boolean description: >- The existing key is active. `false` when no key exists or when a key exists but is disabled (post-inactivity, awaiting user deletion from the dashboard). example: true externalId: type: string format: uuid nullable: true description: >- External UUID of the existing key. `null` when `exists` is `false`. example: 550e8400-e29b-41d4-a716-446655440000 '401': description: >- Missing or invalid Bearer token, or token does not carry the `apikeys.read` scope. content: application/json: schema: type: object properties: data: type: object properties: message: type: array items: type: string example: - Unauthorized. security: - BearerAuth: [] servers: - url: https://whitebit.com description: WhiteBIT Global Server components: securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT description: > OAuth 2.0 Bearer Token authentication. Include the access token in the Authorization header. Example: `Authorization: Bearer YOUR_ACCESS_TOKEN` ````