> ## Documentation Index
> Fetch the complete documentation index at: https://docs.orq.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# List capability catalog

> Returns the capability catalog: the set of permission domains that can be granted to an API key. Each entry includes the domain id, display name, group, allowed project scopes, and the read / write verb sets resolved at authorize() time. Drives the permissions UI in the dashboard.



## OpenAPI

````yaml get /v2/api-keys/capabilities
openapi: 3.1.0
info:
  title: orq.ai API
  version: '2.0'
  description: orq.ai API documentation
servers:
  - url: https://api.orq.ai
security:
  - ApiKey: []
tags:
  - description: List models available through the AI Router.
    name: Models
  - name: Guardrail Rules
  - name: Policies
  - name: Routing Rules
  - name: API keys
    description: >-
      API keys authenticate programmatic access to the workspace. The unified
      key model exposes opaque tokens, per-domain access grants, and budget /
      rate-limit constraints (see ADR 0001 and ADR 0002).
  - name: Budgets
    description: >-
      Budgets govern spend, token usage, and request rate across six scopes:
      workspace, project, identity, api-key, provider, and model. A budget is
      hierarchical and defense-in-depth — every applicable budget is a hard
      gate, and the most restrictive one wins per dimension (see ADR 0007).
  - name: Documentation
    description: >-
      Search the orq.ai documentation. Proxies the workspace's query to the
      hosted docs search index.
  - name: Files
    description: File upload and retrieval operations.
  - name: Identities
    description: >-
      Identities represent end users from your system for usage and engagement
      tracking.
  - name: Projects
    description: Projects organize resources within a workspace
  - name: Skills
    description: >-
      Skills are modular instructions you can use to codify processes and
      conventions
  - name: Responses
  - description: >-
      Run agents on a cadence — cron, interval, or one-off. Minimum firing
      interval is 1 hour.
    name: Agent Schedules
  - name: Embeddings
  - name: Reporting
    description: >-
      GenAI reporting API over canonical analytics rollups. Accepts a metric
      name, time range, grain, group-by, and filters; returns a typed time
      series and optional totals.
externalDocs:
  url: https://docs.orq.ai
  description: orq.ai Documentation
paths:
  /v2/api-keys/capabilities:
    get:
      tags:
        - API keys
      summary: List capability catalog
      description: >-
        Returns the capability catalog: the set of permission domains that can
        be granted to an API key. Each entry includes the domain id, display
        name, group, allowed project scopes, and the read / write verb sets
        resolved at authorize() time. Drives the permissions UI in the
        dashboard.
      operationId: ApiKeyListCapabilities
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListCapabilitiesResponse'
      x-code-samples:
        - lang: curl
          label: Core - List capability catalog
          source: |
            curl --request GET \
              --url 'https://api.orq.ai/v2/api-keys/capabilities' \
              --header 'Authorization: Bearer $ORQ_API_KEY'
        - lang: python
          label: Python - List capability catalog
          source: |
            import os
            from orq_ai_sdk import Orq

            client = Orq(api_key=os.environ["ORQ_API_KEY"])

            catalog = client.api_keys.list_capabilities()

            for domain in catalog.domains:
                print(domain.id, domain.display_name)
        - lang: typescript
          label: Node.js - List capability catalog
          source: |
            import { Orq } from '@orq-ai/node';

            const client = new Orq({
              apiKey: process.env.ORQ_API_KEY,
            });

            const catalog = await client.apiKeys.listCapabilities();

            for (const domain of catalog.domains) {
              console.log(domain.id, domain.displayName);
            }
components:
  schemas:
    ListCapabilitiesResponse:
      required:
        - domains
      type: object
      properties:
        domains:
          type: array
          items:
            $ref: '#/components/schemas/Domain'
          description: |-
            Full capability catalog. Order is stable: workspace-admin first,
             then platform, then gateway.
    Domain:
      type: object
      properties:
        id:
          type: string
          description: |-
            Stable domain identifier (e.g. "agent", "chat_completions"). Used
             as the key in ApiKey.access and as the verb prefix in resolved
             permissions (e.g. agent.list, agent.view, agent.create).
        display_name:
          type: string
          description: Human-readable label for the dashboard.
        group:
          type: integer
          description: Logical group used by the UI to render this entry.
          format: enum
        allowed_scopes:
          type: array
          items:
            type: integer
            format: enum
          description: |-
            Project scopes this domain may be granted under. A workspace-
             admin domain like `member` is typically SCOPE_MODE_ALL only.
        readable:
          type: boolean
          description: Whether this domain can be granted read access.
        writable:
          type: boolean
          description: Whether this domain can be granted write access.
      description: |-
        Domain describes a permission domain that can be granted to an
         API key. Verbs are derived from id + group + readable/writable.
  securitySchemes:
    ApiKey:
      type: http
      scheme: bearer
      bearerFormat: JWT

````