Skip to main content

Revoke an API key

POST 

/api-keys/:id/revoke

Soft-deletes (revokes) an API key by recording a revoked_at timestamp. The key record is retained in the database but is rejected by the authentication middleware. To permanently remove the record, use DELETE /api-keys/{id}.

Regular users may only revoke their own keys. Administrators may revoke any key.

Request

Responses

API key revoked successfully.