Rotate an API key

Rotate an API key by invalidating the old secret and generating a new one.

Important:

  • The old key will be immediately invalidated
  • A new key will be generated with the same settings (name, role, expiration, etc.)
  • The new key will only be shown once in the response
  • The key owner must have an active session for rotation to work

Use this when you suspect a key may have been compromised or as part of regular security practices.

Permissions: Requires either api-keys:self (for own keys) or api-keys:manage (for keys of users in scope). The service verifies specific access.

Path Parameters
  • keyId
    Type: string
    required

    API key ID to rotate

Responses
  • application/json
  • 400

    Key owner does not have an active session

  • application/json
  • application/json
  • application/json
Request Example for post/auth/api-keys/{keyId}/rotate
curl 'https://api.gpcn.com/v1/auth/api-keys/{keyId}/rotate' \
  --request POST \
  --header 'X-API-Key: YOUR_SECRET_TOKEN'

{
  "success": true,
  "data": {
    "key": "string",
    "id": "string",
    "prefix": "string",
    "start": "string",
    "message": "string"
  }
}

API key rotated successfully