Reten Docs
API Keys

Revoke API Key

Revoke an active API key to permanently disable it.

POST /api/api-keys/:id/revoke

Revoke an API key owned by the authenticated user. Once revoked, the key can no longer be used for authentication. This is a soft delete — the key record is preserved for audit purposes.

Auth: Required — MANAGE_API_KEYS permission

Path Parameters

ParameterTypeDescription
idstringUUID of the API key to revoke

Example

curl -X POST https://api.reten.ai/api/api-keys/f47ac10b-58cc-4372-a567-0e02b2c3d479/revoke \
  -H "Authorization: Bearer <token>" \
  -H "x-tenant-id: <tenant-id>"
import axios from 'axios';

const response = await axios.post(
  'https://api.reten.ai/api/api-keys/f47ac10b-58cc-4372-a567-0e02b2c3d479/revoke',
  {},
  {
    headers: {
      Authorization: 'Bearer <token>',
      'x-tenant-id': '<tenant-id>',
    },
  }
);

const result = response.data;

Response 200 OK

{
  "message": "API key revoked successfully"
}

Error Responses

StatusDescription
400API key is already revoked, or no active tenant context
401Missing or invalid authentication token
403API key does not belong to the authenticated user or tenant
404API key not found

List API Keys

Get all API keys for the current user and tenant.

Register User

Create a new user with role assignments.