Revoke one of the authenticated account's API keys. The key stops authenticating immediately, but the row is retained with `revokedAt` set so it stays visible in listApiKeys as a revoked key (audit trail). Use deleteApiKey to remove it entirely. Scoped to the caller's DID — you cannot revoke another account's key. Idempotent: revoking an already-revoked or unknown key returns `revoked: false`.
Input
application/jsonid
string
Required
The `id` of the key to revoke (from createApiKey or listApiKeys).
maxLength: 200 bytesminLength: 1 bytesOutput
application/jsonrevoked
boolean
Required
True if a live key owned by the caller was revoked by this call; false if no matching unrevoked key existed.
Errors
AuthRequired
No valid session cookie or bearer key was presented. Try It
Requests are sent directly from your browser. Some servers may block requests due to CORS.
View raw schema
{
"type": "procedure",
"input": {
"schema": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "string",
"maxLength": 200,
"minLength": 1,
"description": "The `id` of the key to revoke (from createApiKey or listApiKeys)."
}
}
},
"encoding": "application/json"
},
"errors": [
{
"name": "AuthRequired",
"description": "No valid session cookie or bearer key was presented."
}
],
"output": {
"schema": {
"type": "object",
"required": [
"revoked"
],
"properties": {
"revoked": {
"type": "boolean",
"description": "True if a live key owned by the caller was revoked by this call; false if no matching unrevoked key existed."
}
}
},
"encoding": "application/json"
},
"description": "Revoke one of the authenticated account's API keys. The key stops authenticating immediately, but the row is retained with `revokedAt` set so it stays visible in listApiKeys as a revoked key (audit trail). Use deleteApiKey to remove it entirely. Scoped to the caller's DID — you cannot revoke another account's key. Idempotent: revoking an already-revoked or unknown key returns `revoked: false`."
}