API Keys
Revoke API Key
Revoke (soft delete) an API key to immediately disable access
DELETE
Endpoint
Dashboard-only endpoint. Called from the WiseYield UI with browser cookies (Clerk session). Not callable from a server-to-server integration today. Revoke keys from Settings → API Keys in the dashboard.
Authentication
Requires a signed-in WiseYield session. TheBearer examples below show the response wire format but are not directly callable outside the browser session.
Path Parameters
Unique identifier of the API key to revoke (format:
key_{nanoid})Response
Returns success confirmation.Always
true on successful revocationSuccess message: “API key revoked successfully”
Errors
Unauthorized - User not signed in
Not Found - API key not found, already revoked, or belongs to different user
Internal Server Error - Failed to revoke API key
How It Works
Revocation Flow:- Authentication: Verifies user is signed in
- Ownership Check: Finds API key where:
idmatches provided key_iduserIdmatches authenticated userrevokedAtisnull(not already revoked)
- Soft Delete: Updates API key:
revokedAt:null→ current timestampisActive:true→falseupdatedAt: current timestamp
- Audit Log: Records revocation for security tracking
- Immediate Effect: Key becomes invalid for all API requests
- Key will not authenticate any API requests
- Key excluded from list endpoints (filters by
revokedAt IS NULL) - Cannot be restored (must create new key)
- Historical usage data preserved
Security Implications
Immediate Access Revocation
What Happens Instantly:- ✅ All active API requests using this key will fail with 401 Unauthorized
- ✅ Key removed from active keys list
- ✅ Rate limit tracking stops
- ✅ Usage tracking stops
- ✅ Historical usage data (
usageCount,lastUsedAt) - ✅ Audit logs showing when key was created and revoked
- ✅ Metadata and configuration
Impact on Applications
Applications Using Revoked Key:- Update application with new API key
- Monitor error logs for failed requests
- Notify team members using the key
Use Cases
Revoke Compromised Key
Revoke Unused Keys
Revoke Expired Keys
Rotate API Key
Bulk Revoke Test Keys
Best Practices
Integration Examples
Revoke Button with Confirmation
API Keys Management Table
Cleanup Unused Keys Alert
Related Endpoints
- List API Keys - GET to list all API keys
- Create API Key - POST to generate new API key