> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flexslot.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Read the calling user's partner row

> Returns the Partner row owned by the user attached to the calling PAT. Never returns the signing-secret hash or the API-key hash. Use this to read scopes, allowed_origins, rate_limit_tier, etc. before deciding whether to issue a rotation or scope-change request.



## OpenAPI

````yaml /openapi.json get /api/public/v1/me/partner
openapi: 3.0.3
info:
  title: Flexslot API
  version: 1.0.0
  description: API documentation for Flexslot decks application
servers:
  - url: https://api.flexslot.gg
    description: Production
  - url: https://api-dev.flexslot.gg
    description: Development
security: []
paths:
  /api/public/v1/me/partner:
    get:
      tags:
        - Me
      summary: Read the calling user's partner row
      description: >-
        Returns the Partner row owned by the user attached to the calling PAT.
        Never returns the signing-secret hash or the API-key hash. Use this to
        read scopes, allowed_origins, rate_limit_tier, etc. before deciding
        whether to issue a rotation or scope-change request.
      operationId: me_partner_detail
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PartnerSelf'
          description: ''
      security:
        - PersonalAccessToken: []
        - OAuth2Bearer: []
components:
  schemas:
    PartnerSelf:
      type: object
      description: |-
        Self-serializer for /me/partner.

        Returns only what's safe to surface to the partner owner. The signing
        secret hash and API key hash are NEVER included — they're sha256 outputs
        but exposing them would let an attacker who exfiltrated a hash
        independently verify guesses against the auth backend without ever
        hitting the rate limiter, so we treat them as secrets too.
      properties:
        id:
          type: string
          format: uuid
          readOnly: true
        slug:
          type: string
          readOnly: true
          pattern: ^[-a-zA-Z0-9_]+$
        name:
          type: string
          readOnly: true
        contact_email:
          type: string
          format: email
          readOnly: true
        website_url:
          type: string
          format: uri
          readOnly: true
        api_key_prefix:
          type: string
          readOnly: true
        scopes:
          type: array
          items:
            type: string
            maxLength: 64
          readOnly: true
        game_scopes:
          type: array
          items:
            type: string
            maxLength: 32
            pattern: ^[-a-zA-Z0-9_]+$
          readOnly: true
        allowed_origins:
          type: array
          items:
            type: string
            format: uri
            maxLength: 200
          readOnly: true
        rate_limit_tier:
          allOf:
            - $ref: '#/components/schemas/RateLimitTierEnum'
          readOnly: true
        status:
          allOf:
            - $ref: '#/components/schemas/OAuth2ClientStatusEnum'
          readOnly: true
        secret_rotated_at:
          type: string
          format: date-time
          readOnly: true
          nullable: true
        last_used_at:
          type: string
          format: date-time
          readOnly: true
          nullable: true
        created_at:
          type: string
          format: date-time
          readOnly: true
        updated_at:
          type: string
          format: date-time
          readOnly: true
      required:
        - allowed_origins
        - api_key_prefix
        - contact_email
        - created_at
        - game_scopes
        - id
        - last_used_at
        - name
        - rate_limit_tier
        - scopes
        - secret_rotated_at
        - slug
        - status
        - updated_at
        - website_url
    RateLimitTierEnum:
      enum:
        - standard
        - premium
      type: string
      description: |-
        * `standard` - Standard (1000/min)
        * `premium` - Premium (20000/min)
    OAuth2ClientStatusEnum:
      enum:
        - active
        - suspended
        - revoked
      type: string
      description: |-
        * `active` - Active
        * `suspended` - Suspended
        * `revoked` - Revoked
      x-enum-varnames:
        - ACTIVE
        - SUSPENDED
        - REVOKED
      x-enum-descriptions:
        - Active
        - Suspended
        - Revoked
  securitySchemes:
    PersonalAccessToken:
      type: http
      scheme: bearer
      bearerFormat: flx_pat_...
      description: 'User-issued personal access token (format: flx_pat_<token>).'
    OAuth2Bearer:
      type: http
      scheme: bearer
      bearerFormat: flx_at_...
      description: >-
        OAuth2 access token issued via the authorization-code + PKCE flow
        (format: flx_at_<token>). Grants the partner user-scoped access to act
        on behalf of the consenting end-user.

````