Reference / API Keys

Rotate an API key: revoke it and mint a replacement with the same name, scopes, and expiry. The old secret stops working immediately; the new secret is returned once.

POST /v1/api-keys/{id}/rotate
Secret API key operationId: rotate

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Path parameters

  • id string<uuid> required

    API key id

Responses

200 Rotated (new secret shown once)
{
  "data": {
    "active": false,
    "created_at": "2026-01-15T09:30:00Z",
    "expires_at": "2026-01-15T09:30:00Z",
    "id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
    "last_used_at": "2026-01-15T09:30:00Z",
    "name": "string",
    "revoked_at": "2026-01-15T09:30:00Z",
    "scopes": [
      "string"
    ],
    "secret": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
404 Not found
409 Already revoked

Request

curl -X POST "http://localhost:8080/v1/api-keys/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/rotate" \

Try it

live request
POST http://localhost:8080/v1/api-keys/018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f/rotate

Path parameters