Skip to main content

Revoke an API key

DELETE 

/api/v1/auth/api-keys/:key_id

Revoke one of the caller's API keys (soft delete).

After revocation the key is rejected at authentication time. The stored record is retained and a revocation audit event is emitted.

  • Router-gated by release_api_keys (404 when off).
  • 400 if the key is already revoked.
  • 404 if the key does not belong to the caller.
  • API-key scope required: api_keys:revoke.

Request

Responses

Successful Response