diff --git a/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java b/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java
index a9202723c3..5b74fe2eda 100644
--- a/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java
+++ b/roda-ui/roda-wui/src/main/java/org/roda/wui/api/v2/controller/MembersController.java
@@ -187,7 +187,14 @@ public AccessKeys getAccessKeysByUser(String username) {
 
     try {
       controllerAssistant.checkRoles(requestContext.getUser());
-      return RodaCoreFactory.getModelService().listAccessKeysByUser(username);
+      if (membersService.retrieveUser(username).getId() == null) {
+        throw new NotFoundException("User not found");
+      }
+      AccessKeys accessKeys = RodaCoreFactory.getModelService().listAccessKeysByUser(username);
+      for (AccessKey accessKey : accessKeys.getObjects()){
+        accessKey.setKey(null);
+      }
+      return accessKeys;
     } catch (RODAException e) {
       state = LogEntryState.FAILURE;
       throw new RESTException(e);
diff --git a/roda-ui/roda-wui/src/main/java/org/roda/wui/client/services/MembersRestService.java b/roda-ui/roda-wui/src/main/java/org/roda/wui/client/services/MembersRestService.java
index 3dfe6c268b..20bbae54aa 100644
--- a/roda-ui/roda-wui/src/main/java/org/roda/wui/client/services/MembersRestService.java
+++ b/roda-ui/roda-wui/src/main/java/org/roda/wui/client/services/MembersRestService.java
@@ -216,8 +216,8 @@ Void deleteUserAccessKeys(
   Void deleteAccessKey(
     @Parameter(description = "The access key id ") @PathVariable(name = RodaConstants.API_PATH_PARAM_NAME) String accessKeyId);
 
-  @RequestMapping(path = "/users/accesskey/list/{" + RodaConstants.API_PATH_PARAM_NAME
-    + "}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
+  @RequestMapping(path = "/users/{" + RodaConstants.API_PATH_PARAM_NAME
+    + "}/access-keys", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
   @Operation(summary = "Get user access keys list", description = "Gets a particular user access keys", responses = {
     @ApiResponse(responseCode = "200", description = "OK", content = @Content(schema = @Schema(implementation = AccessKeys.class))),
     @ApiResponse(responseCode = "404", description = "Not found", content = @Content(schema = @Schema(implementation = ErrorResponseMessage.class)))})