diff --git a/src/api/encryption_keys_get.c b/src/api/encryption_keys_get.c
new file mode 100644
index 0000000000000000000000000000000000000000..9fa370fd94a2115b3e3d35d52f90ed7a328a66d7
--- /dev/null
+++ b/src/api/encryption_keys_get.c
@@ -0,0 +1,77 @@
+/**
+ * Callback function to view luks encryption slot usage.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_get(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    int r;
+
+    // Initialise encrypted container.
+    struct crypt_device * cd = NULL;
+    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
+    if (r < 0)
+    {
+        crypt_free(cd);
+    }
+    if (r != 0)
+    {
+        printf("container_initialise failed with status %d\n", r);
+        return send_simple_response(response, 500, "error",
+            "initialising encrypted container failed");
+    }
+
+    json_t * keys = json_object();
+    json_t * key;
+    char * field;
+    bool in_use;
+    bool last_used;
+    int keyslot = 0;
+    for (keyslot = 0; keyslot <= 7; keyslot++)
+    {
+        // Create new json object containing info for this keyslot.
+        key = json_object();
+
+        // Get keyslot status.
+        crypt_keyslot_info keyslot_status = crypt_keyslot_status(cd, keyslot);
+
+        // Convert info to our format of two booleans.
+        switch (keyslot_status)
+        {
+            case CRYPT_SLOT_ACTIVE:
+                in_use = true;
+                last_used = false;
+                break;
+            case CRYPT_SLOT_ACTIVE_LAST:
+                in_use = true;
+                last_used = true;
+                break;
+            default:
+                in_use = false;
+                last_used = false;
+        }
+
+        // Populate keyslot json object with info.
+        json_object_set_new(key, "in-use",
+            in_use ? json_true() : json_false());
+        json_object_set_new(key, "last-used",
+            last_used ? json_true() : json_false());
+
+        // Add keyslot json object to json response.
+        asprintf(&field, "%d", keyslot);
+        json_object_set_new(keys, field, key);
+    }
+
+    // Create json response.
+    json_t * json_body = NULL;
+    json_body = json_object();
+    json_object_set_new(json_body, "encryption-keys", keys);
+
+    // Send response.
+    ulfius_set_json_body_response(response, 200, json_body);
+    json_decref(json_body);
+    return U_CALLBACK_CONTINUE;
+}
diff --git a/src/cryptops-api.c b/src/cryptops-api.c
index 87dc0d6953fa5636df908c5564c78e0978f70e83..58ac3ddb4da9abb9e2acdef81f358e5451376e81 100644
--- a/src/cryptops-api.c
+++ b/src/cryptops-api.c
@@ -10,6 +10,7 @@
 #include <api/encryption_init_post.c>
 #include <api/encryption_remove_post.c>
 #include <api/encryption_unlock_post.c>
+#include <api/encryption_keys_get.c>
 #include <api/encryption_keys_put.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
@@ -54,6 +55,9 @@ int main(int argc, char ** argv)
     ulfius_add_endpoint_by_val(&instance, "POST", PREFIX,
         "/encryption/unlock",
         0, &callback_encryption_unlock_post, NULL);
+    ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
+        "/encryption/keys",
+        0, &callback_encryption_keys_get, NULL);
     ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
         "/encryption/keys/:slot",
         0, &callback_encryption_keys_put, NULL);