Revoke API Key
Revoke an active API key to permanently disable it.
POST /api/api-keys/:id/revoke
Revoke an API key owned by the authenticated user. Once revoked, the key can no longer be used for authentication. This is a soft delete — the key record is preserved for audit purposes.
Auth: Required — MANAGE_API_KEYS permission
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | string | UUID of the API key to revoke |
Example
curl -X POST https://api.reten.ai/api/api-keys/f47ac10b-58cc-4372-a567-0e02b2c3d479/revoke \
-H "Authorization: Bearer <token>" \
-H "x-tenant-id: <tenant-id>"const keyId = "f47ac10b-58cc-4372-a567-0e02b2c3d479";
const response = await fetch(`https://api.reten.ai/api/api-keys/${keyId}/revoke`, {
method: "POST",
headers: {
"Authorization": "Bearer <token>",
"x-tenant-id": "<tenant-id>",
},
});import requests
key_id = "f47ac10b-58cc-4372-a567-0e02b2c3d479"
response = requests.post(
f"https://api.reten.ai/api/api-keys/{key_id}/revoke",
headers={
"Authorization": "Bearer <token>",
"x-tenant-id": "<tenant-id>",
},
)Response 200 OK
{
"message": "API key revoked successfully"
}Error Responses
| Status | Description |
|---|---|
400 | API key is already revoked, or no active tenant context |
401 | Missing or invalid authentication token |
403 | API key does not belong to the authenticated user or tenant |
404 | API key not found |