Revoke API Key

curl --request DELETE \
  --url https://api.signa.so/v1/organization/api-keys/{id} \
  --header 'Authorization: Bearer <token>'

{
  "id": "key_abc123",
  "object": "api_key",
  "deleted": true,
  "request_id": "req_xyz"
}

DELETE

organization

api-keys

{id}

Revoke API Key

curl --request DELETE \
  --url https://api.signa.so/v1/organization/api-keys/{id} \
  --header 'Authorization: Bearer <token>'

{
  "id": "key_abc123",
  "object": "api_key",
  "deleted": true,
  "request_id": "req_xyz"
}

Overview

Revokes an API key by setting its revoked_at timestamp. The row is preserved so audit logs and historical usage records remain valid. Once revoked, requests using the key return 401 unauthorized. System keys cannot be revoked. Requires the api-keys:manage scope.

Path Parameters

string

required

API key ID (key_...).

Response

string

Echo of the revoked API key ID.

object

string

Always api_key.

deleted

boolean

Always true on success.

{
  "id": "key_abc123",
  "object": "api_key",
  "deleted": true,
  "request_id": "req_xyz"
}

Code Examples

curl -X DELETE "https://api.signa.so/v1/organization/api-keys/key_abc123" \
  -H "Authorization: Bearer sig_YOUR_KEY_HERE"

Revocation is irreversible. To roll a key without downtime, use Rotate API Key — the old key remains valid for a 24-hour grace period.

Errors

Status	Type	Description
400	`validation_error`	Invalid API key ID
401	`unauthorized`	Missing or invalid API key
403	`forbidden`	API key lacks `api-keys:manage` or target is a system key
404	`not_found`	API key does not exist or belongs to another org

Rotate API Key — graceful key rotation
List API Keys

Update API Key Rotate API Key

​Overview

​Path Parameters

​Response

​Code Examples

​Errors

​Related Endpoints

Overview

Path Parameters

Response

Code Examples

Errors

Related Endpoints