# dev.cocore.account.revokeApiKey

> Published by [cocore.dev](https://lexicon.garden/identity/did:plc:5quuhkmwe2q4k3azfsgg7kdz)

✓ This is the authoritative definition for this NSID.

## Links

- [View on Lexicon Garden](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.account.revokeApiKey)
- [Documentation](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.account.revokeApiKey/docs)
- [Examples](https://lexicon.garden/lexicon/did:plc:5quuhkmwe2q4k3azfsgg7kdz/dev.cocore.account.revokeApiKey/examples)

## Definitions

### `dev.cocore.account.revokeApiKey`

**Type**: `procedure`

Revoke one of the authenticated account's API keys. The key stops authenticating immediately, but the row is retained with `revokedAt` set so it stays visible in listApiKeys as a revoked key (audit trail). Use deleteApiKey to remove it entirely. Scoped to the caller's DID — you cannot revoke another account's key. Idempotent: revoking an already-revoked or unknown key returns `revoked: false`.

#### Input

**Encoding**: `application/json`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `id` | `string` | Yes | The `id` of the key to revoke (from createApiKey or listApiKeys). |

#### Output

**Encoding**: `application/json`

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `revoked` | `boolean` | Yes | True if a live key owned by the caller was revoked by this call; false if no matching unrevoked key existed. |

#### Errors

- **AuthRequired**: No valid session cookie or bearer key was presented.

## Raw Schema

```json
{
  "id": "dev.cocore.account.revokeApiKey",
  "defs": {
    "main": {
      "type": "procedure",
      "input": {
        "schema": {
          "type": "object",
          "required": [
            "id"
          ],
          "properties": {
            "id": {
              "type": "string",
              "maxLength": 200,
              "minLength": 1,
              "description": "The `id` of the key to revoke (from createApiKey or listApiKeys)."
            }
          }
        },
        "encoding": "application/json"
      },
      "errors": [
        {
          "name": "AuthRequired",
          "description": "No valid session cookie or bearer key was presented."
        }
      ],
      "output": {
        "schema": {
          "type": "object",
          "required": [
            "revoked"
          ],
          "properties": {
            "revoked": {
              "type": "boolean",
              "description": "True if a live key owned by the caller was revoked by this call; false if no matching unrevoked key existed."
            }
          }
        },
        "encoding": "application/json"
      },
      "description": "Revoke one of the authenticated account's API keys. The key stops authenticating immediately, but the row is retained with `revokedAt` set so it stays visible in listApiKeys as a revoked key (audit trail). Use deleteApiKey to remove it entirely. Scoped to the caller's DID — you cannot revoke another account's key. Idempotent: revoking an already-revoked or unknown key returns `revoked: false`."
    }
  },
  "$type": "com.atproto.lexicon.schema",
  "lexicon": 1
}
```