Skip to main content
DELETE
/
v1
/
api-keys
/
{id}
Revoke API Key
curl --request DELETE \
  --url https://api.example.com/v1/api-keys/{id}

Request

Revocation is a soft delete: the key row is preserved in the api_keys table with revoked_at populated, so audit trails and last-used timestamps remain queryable. All requests using the key after revocation fail with 401 invalid_key. There is no “unrevoke” - create a new key if needed.

Path Parameters

id
string
required
API key UUID.

Headers

Authorization: Bearer wbk_your_api_key_here
Idempotency-Key
string
Optional UUID. Repeated revokes with the same key return the same result without erroring.

Response

On success returns HTTP 204 No Content. The response still carries X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and X-Request-ID for observability. 
curl -X DELETE \
  https://data.leadlex.com/functions/v1/api-gateway/v1/api-keys/key_01HY1 \
  -H "Authorization: Bearer wbk_your_api_key_here" \
  -i

Example Response

HTTP/1.1 204 No Content
X-Request-ID: req_01HY1K0E7V8Q0YXH7DSTX5B3CA

Errors

StatusCodeDescription
401invalid_keyInvalid or expired API key
403insufficient_permissionsMissing admin:api_keys permission, or the calling key is the last active admin key
404not_foundAPI key not found
429rate_limitedRate limit exceeded