
Revoke API KEY

Tạ Quốc Thắng·6/2/2026

When the API Key is no longer needed, exposed externally, or needs to be disabled for security reasons, you can revoke that key. The revoked key will stop functioning immediately and cannot be restored.

Warning: The revocation action is irreversible. After revocation, any requests using this key will be denied. If you need a new key for the same purpose, please create a new API Key or use the Regenerate function instead of Revoke.

Endpoint

POST /api/v1.0/integration/api-keys/{id}/revoke

Permanently revoke an API Key. The key will change to an inactive state and can no longer be used.

Headers

| Header | Type | Required | Description |
| --- | --- | --- | --- |
| Authorization | string | Yes | Authentication token. Format: Bearer {{token}} |

Path Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Yes | ID of the API Key to be revoked. Obtained from the list of API Keys. |

Sample Code

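cURL

curl -X POST "{{protocol}}://{{host}}:{{port}}/api/v1.0/integration/api-keys/key_abc123def456/revoke" \
  -H "Authorization: Bearer {{token}}"

JavaScript (axios)

const axios = require('axios')

const keyId = 'key_abc123def456'

// Wrapped in an async function: top-level await is not available in CommonJS modules.
async function revokeKey() {
  const response = await axios.post(
    `{{protocol}}://{{host}}:{{port}}/api/v1.0/integration/api-keys/${keyId}/revoke`,
    {},
    {
      headers: {
        'Authorization': 'Bearer {{token}}'
      }
    }
  )

  console.log('Kết quả:', response.data.message)
}

// axios rejects on non-2xx responses (401, 403, 404, 410); report the status code.
revokeKey().catch((err) => console.error(err.response ? err.response.status : err.message))

Python (requests)

import requests

key_id = 'key_abc123def456'
# Kept as a plain string so the {{...}} placeholders are not altered by f-string brace escaping.
base_url = '{{protocol}}://{{host}}:{{port}}'
url = f'{base_url}/api/v1.0/integration/api-keys/{key_id}/revoke'
headers = {
    'Authorization': 'Bearer {{token}}'
}

# A timeout keeps the call from hanging indefinitely.
response = requests.post(url, headers=headers, timeout=10)

data = response.json()
print('Kết quả:', data['message'])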

Successful Response

HTTP 200 OK

{
  "success": true,
  "message": "API Key đã được thu hồi thành công",
  "id": "key_abc123def456",
  "status": "inactive",
  "revokedAt": "2026-04-07T15:30:00.000Z"
}

Response Description

| Field | Type | Description |
| --- | --- | --- |
| success | boolean | true if revoked successfully |
| message | string | Result message |
| id | string | ID of the revoked API Key |
| status | string | New status: inactive |
| revokedAt | string | Revocation time (ISO 8601) |

Common Errors

| HTTP Code | Cause | Resolution |
| --- | --- | --- |
| 401 | Invalid or expired token | Retrieve a new authentication token |
| 403 | No permission to revoke API Key | Contact Alohub to obtain permission |
| 404 | API Key with the provided ID not found | Check the key ID from the list of API Keys |
| 410 | API Key has been revoked previously | This key is inactive, no further action needed |
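
A client that applies the status codes from the table above, as an added example (not Alohub's own code): `http_post`, `revoke_key`, `revoke_all` and the outcome labels are hypothetical names, and `base_url` stands for the page's {{protocol}}://{{host}}:{{port}} placeholder. It treats 410 as success so a revocation can be retried safely, and checks the 200 body before reporting a key as inactive.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# HTTP status -> (outcome, key_is_inactive), from the "Common Errors" table.
# 410 means the key was revoked earlier, so the goal state is already reached.
OUTCOMES = {
    401: ("token_invalid_or_expired", False),
    403: ("no_permission", False),
    404: ("key_id_not_found", False),
    410: ("already_revoked", True),
}

def http_post(url, token):
    """POST with the bearer token; return (status_code, json_body_or_{})."""
    req = urllib.request.Request(url, data=b"{}", method="POST", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}  # error body format is not documented; ignored

def revoke_key(base_url, token, key_id, send=http_post):
    """Revoke one key; return (key_is_inactive, outcome, revoked_at)."""
    # Percent-encode the id so it cannot alter the request path.
    path_id = urllib.parse.quote(key_id, safe="")
    status, body = send(f"{base_url}/api/v1.0/integration/api-keys/{path_id}/revoke", token)
    if status == 200:
        # Check the body, not only the status line: the key reported as
        # inactive must be the one that was requested.
        ok = (body.get("success") is True and body.get("id") == key_id
              and body.get("status") == "inactive")
        return ok, ("revoked" if ok else "unexpected_body"), body.get("revokedAt")
    outcome, inactive = OUTCOMES.get(status, (f"http_{status}", False))
    return inactive, outcome, None

def revoke_all(base_url, token, key_ids, send=http_post):
    """Revoke several keys; return (key_id, outcome) for each one NOT confirmed inactive."""
    pending = []
    for key_id in key_ids:
        inactive, outcome, _ = revoke_key(base_url, token, key_id, send)
        if not inactive:
            pending.append((key_id, outcome))
    return pending
```

An empty list from `revoke_all` means every key is confirmed inactive; anything left in the list still needs attention, with the outcome label pointing to the matching row of the table.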

When to Revoke vs Regenerate?

| Situation | Action | Reason |
| --- | --- | --- |
| Key exposed, still need API connection | Regenerate | Disable the old key and create a new key with the same configuration; reduces downtime |
| Key expired, still need API connection | Regenerate | Quick extension without reconfiguring scopes |
| Stop integration with third-party applications | Revoke | Permanently cut off access, no replacement key needed |
| Detect unusual access from the key | Revoke immediately | Block unauthorized access as quickly as possible |
| Key management employee leaves the company | Regenerate or Revoke | Depending on whether a connection is still needed |

Security: When an API Key is found to be exposed or shows signs of unauthorized access, revoke the key immediately. Contact Alohub if you need assistance checking access logs.

Updated: 6/2/2026