Revoke an API key. It stops authenticating immediately, and later requests that use it return 401 UNAUTHORIZED. This call is idempotent. The key is not deleted; it stays visible when you list keys (subject to include_revoked) so you can keep a revocation history. Unknown or cross-organization ids return 404 NOT_FOUND.

Requires the apikeys:write scope.

Authorization

AuthorizationBearer <token>

Authenticate by sending your API key as a bearer token: Authorization: Bearer am_live_.... Every request is automatically scoped to the organization that owns the key and to the scopes granted to that key.

In: header

Path Parameters

id*string

Formatuuid

Response Body

`application/json`

curl -X DELETE "https://example.com/v1/api-keys/497f6eca-6276-4993-bfeb-53cbbbba6f08"

Empty

{
  "success": false,
  "error": {
    "code": "VALIDATION_FAILED",
    "message": "validation failed",
    "request_id": "01JTBQH2FZ8K1RXC0WJ4Z9P3VM",
    "details": {
      "to": "must be E.164",
      "body": "must be 1..1600 chars"
    }
  }
}

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "authentication failed",
    "request_id": "01JTBQH2FZ8K1RXC0WJ4Z9P3VM"
  }
}

{
  "success": false,
  "error": {
    "code": "FORBIDDEN",
    "message": "missing required scope",
    "request_id": "01JTBQH2FZ8K1RXC0WJ4Z9P3VM"
  }
}

{
  "success": false,
  "error": {
    "code": "NOT_FOUND",
    "message": "not found",
    "request_id": "01JTBQH2FZ8K1RXC0WJ4Z9P3VM"
  }
}

Revoke an API key

Authorization

Path Parameters

Response Body

204

400application/json

401application/json

403application/json

404application/json

`application/json`

`application/json`

`application/json`

`application/json`