Revoke API Key
Immediately revoke an API key, preventing any further authentication with it. This action cannot be undone.
Request
DELETE /api-keys/{id}
Authentication
Requires an Admin Bearer JWT token.
Authorization: Bearer <access_token>
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| id | UUID | Yes | The unique identifier of the API key to revoke |
Response
Success Response
Status Code: 204 No Content
No response body is returned on successful revocation.
Errors
| Status Code | Error Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid JWT token |
| 403 | FORBIDDEN | User does not have admin privileges |
| 404 | NOT_FOUND | API key with the specified ID does not exist or does not belong to your organization |
Example
Request
curl -X DELETE https://api.entryguard.io/api/v1/api-keys/550e8400-e29b-41d4-a716-446655440000 \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response
HTTP/1.1 204 No Content
Notes
- Once an API key is revoked, any requests using that key will immediately receive a 401 Unauthorized response.
- Revoked keys remain visible in the API key list with isRevoked: true for audit purposes.
- The revocation is logged in the audit trail with the event type API_KEY_REVOKED.
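
For scripted revocation during key rotation or incident response, the following added example (not part of the EntryGuard documentation or tooling) wraps the DELETE call, checks that the id is a UUID before it reaches the URL path, keeps the JWT out of the process list, and maps each documented status code to a distinct exit code. The function name, the ENTRYGUARD_TOKEN and API_BASE variables, and the exit codes are assumptions made for this example.

```shell
# Added example: revoke one API key and fail closed on anything but 204.
# Assumptions: ENTRYGUARD_TOKEN holds the admin JWT; names and exit codes are illustrative.
API_BASE="${API_BASE:-https://api.entryguard.io/api/v1}"

# Exit codes: 0 revoked, 2 bad input, 3 auth problem, 4 not found, 5 anything else.
revoke_api_key() {
  local id="$1" status h h4
  h='[0-9a-fA-F]'; h4="$h$h$h$h"
  # The id is documented as a UUID; reject anything else so it cannot alter the path.
  case "$id" in
    $h4$h4-$h4-$h4-$h4-$h4$h4$h4) ;;
    *) echo "refusing: id is not a UUID" >&2; return 2 ;;
  esac
  if [ -z "${ENTRYGUARD_TOKEN:-}" ]; then
    echo "ENTRYGUARD_TOKEN is not set" >&2
    return 2
  fi
  # Send the header on stdin (-H @-) so the JWT never appears in argv or `ps` output.
  status=$(printf 'Authorization: Bearer %s\n' "$ENTRYGUARD_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}' -X DELETE -H @- \
      "$API_BASE/api-keys/$id") || { echo "transport error" >&2; return 5; }
  case "$status" in
    204) echo "revoked $id"; return 0 ;;
    401) echo "401 UNAUTHORIZED: missing or invalid JWT" >&2; return 3 ;;
    403) echo "403 FORBIDDEN: token lacks admin privileges" >&2; return 3 ;;
    404) echo "404 NOT_FOUND: no such key in this organization" >&2; return 4 ;;
    *)   echo "unexpected status $status: treat the key as still active" >&2; return 5 ;;
  esac
}
```

Only exit code 0 means the key is revoked; a caller rotating a compromised key should stop and escalate on any other result rather than assume the old key is dead.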