## GET /api/v2/vps/{id}/ssh-keys

**List VPS SSH keys**

Return the caller's SSH-key inventory in the context of an owned VPS. SSH keys are account-scoped, but this route validates VPS ownership first. Get `{id}` from `GET /api/v2/vps` `data[].id`. Use returned `sshKeys[].id` values with `POST /api/v2/vps/{id}/actions/reset-ssh-keys`.

### Related Endpoints

- `POST /api/v2/vps/{id}/actions/reset-ssh-keys`: Reset VPS SSH keys
- `GET /api/v2/ssh-keys`: List VPS SSH keys
- `POST /api/v2/ssh-keys`: Create VPS SSH key

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scope: `read:vm`

### Parameters

- `id` (path, string, required): Public VPS ID from `GET /api/v2/vps` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `vps_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/vps/vps_01hxa3b4c5d6e7f8g9h0j1k2m3/ssh-keys" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `sshKeys` (array<object>, optional)
- `sshKeys[].id` (string, required) Example: `ssh_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `sshKeys[].displayId` (string, optional): Compatibility display fallback on VPS-scoped SSH-key reads. Prefer `name` and `fingerprint`. Example: `deploy-key`
- `sshKeys[].name` (string, required) Example: `deploy-key`
- `sshKeys[].publicKey` (string, required) Example: `ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9wZW5BUElFeGFtcGxlS2V5TWF0ZXJpYWwxMjM0 ops@example.com`
- `sshKeys[].fingerprint` (string,null, required) Example: `SHA256:8pQ3ExampleFingerprintForDocsOnly`
- `sshKeys[].keyType` (string, required) Example: `ed25519`
  Allowed values: rsa, ed25519, ecdsa, dsa, unknown
- `sshKeys[].createdAt` (string,null, required) Example: `null`
- `sshKeys[].lastUsedAt` (string,null, optional): Only present on VPS-scoped SSH-key inventory when upstream reports last use. Example: `null`
- `sshKeys[].actions` (object, optional): Present on the account-level SSH-key inventory.
- `sshKeys[].actions.canRename` (object, optional)
- `sshKeys[].actions.canRename.allowed` (boolean, required) Example: `true`
- `sshKeys[].actions.canRename.reason` (string,null, required) Example: `null`
- `sshKeys[].actions.canRename.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `sshKeys[].actions.canDelete` (object, optional)
- `sshKeys[].actions.canDelete.allowed` (boolean, required) Example: `true`
- `sshKeys[].actions.canDelete.reason` (string,null, required) Example: `null`
- `sshKeys[].actions.canDelete.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`

### Responses

#### 200 - Account SSH keys available for this VPS flow.
```json
{
  "sshKeys": [
    {
      "id": "ssh_01hxa3b4c5d6e7f8g9h0j1k2m3",
      "displayId": "deploy-key",
      "name": "deploy-key",
      "publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9wZW5BUElFeGFtcGxlS2V5TWF0ZXJpYWwxMjM0 ops@example.com",
      "fingerprint": "SHA256:8pQ3ExampleFingerprintForDocsOnly",
      "keyType": "ed25519",
      "createdAt": null,
      "lastUsedAt": null
    }
  ]
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```