Rotate API Key

curl --request POST \
  --url https://api.signa.so/v1/organization/api-keys/{id}/rotate \
  --header 'Authorization: Bearer <token>'

{
  "id": "key_Mc2eF6gH",
  "object": "api_key",
  "name": "Production Backend",
  "key": "sig_z9y8x7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0",
  "prefix": "sig_z9y8",
  "scopes": ["trademarks:read", "billing:read"],
  "created_at": "2025-09-10T08:00:00Z",
  "request_id": "req_xQ3hI9jK"
}

POST

organization

api-keys

{id}

rotate

Rotate API Key

curl --request POST \
  --url https://api.signa.so/v1/organization/api-keys/{id}/rotate \
  --header 'Authorization: Bearer <token>'

{
  "id": "key_Mc2eF6gH",
  "object": "api_key",
  "name": "Production Backend",
  "key": "sig_z9y8x7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0",
  "prefix": "sig_z9y8",
  "scopes": ["trademarks:read", "billing:read"],
  "created_at": "2025-09-10T08:00:00Z",
  "request_id": "req_xQ3hI9jK"
}

Overview

Rotates an existing API key by creating a new key with a new ID and the same name, scopes, and configuration. The old key remains valid for a fixed 24-hour grace period to allow for zero-downtime credential rotation in distributed systems. The new key (including its new ID and secret) is returned only once in the response. Store it securely immediately.

The grace period is fixed at 24 hours and is not configurable. The old key will automatically stop working 24 hours after rotation.

Path Parameters

string

required

API key ID to rotate (e.g., key_Mc2eF6gH)

Response

response

object

Show Rotated key object

string

New key ID (different from the rotated key)

name

string

Key name (inherited from the rotated key)

key

string

New API key secret. This is the only time the new key is returned.

prefix

string

New key prefix

scopes

string[]

Authorized scopes (inherited from the rotated key)

created_at

string

Creation timestamp of the new key

{
  "id": "key_Mc2eF6gH",
  "object": "api_key",
  "name": "Production Backend",
  "key": "sig_z9y8x7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0",
  "prefix": "sig_z9y8",
  "scopes": ["trademarks:read", "billing:read"],
  "created_at": "2025-09-10T08:00:00Z",
  "request_id": "req_xQ3hI9jK"
}

Code Examples

curl -X POST https://api.signa.so/v1/organization/api-keys/key_Mc2eF6gH/rotate \
  -H "Authorization: Bearer sig_xxxxxxxxxxxx"

Errors

Status	Type	Description
401	`unauthorized`	Missing or invalid API key
403	`forbidden`	Insufficient permissions to rotate keys
404	`not_found`	Key ID does not exist
409	`conflict`	Key was already rotated and is still within its grace period
429	`rate_limited`	Too many requests

List API Keys — view all keys
Create API Key — generate a new key
Get Current Organization — organization profile

Revoke API Key Get Usage

​Overview

​Path Parameters

​Response

​Code Examples

​Errors

​Related Endpoints

Overview

Path Parameters

Response

Code Examples

Errors

Related Endpoints