Skip to main content
DELETE
/
v1
/
api-keys
/
{id}
Revoke API Key
curl --request DELETE \
  --url https://api.example.com/v1/api-keys/{id}
{
  "id": "key_abc123",
  "object": "api_key",
  "deleted": true,
  "livemode": true,
  "request_id": "req_xyz"
}

Overview

Revokes an API key by setting its revoked_at timestamp. The row is preserved so audit logs and historical usage records remain valid. Once revoked, requests using the key return 401 unauthorized. System keys cannot be revoked. Requires the api-keys:manage scope.

Path Parameters

id
string
required
API key ID (key_...).

Response

id
string
Echo of the revoked API key ID.
object
string
Always api_key.
deleted
boolean
Always true on success.
{
  "id": "key_abc123",
  "object": "api_key",
  "deleted": true,
  "livemode": true,
  "request_id": "req_xyz"
}

Code Examples

curl -X DELETE "https://api.signa.so/v1/api-keys/key_abc123" \
  -H "Authorization: Bearer sig_live_YOUR_KEY_HERE"
Revocation is irreversible. To roll a key without downtime, use Rotate API Key — the old key remains valid for a 24-hour grace period.

Errors

StatusTypeDescription
400validation_errorInvalid API key ID
401unauthorizedMissing or invalid API key
403forbiddenAPI key lacks api-keys:manage or target is a system key
404not_foundAPI key does not exist or belongs to another org