Revoke API Key
developer /v1/keys/:id
Permanently revokes an API key with immediate effect. All API calls using this key will return 401 Unauthorized immediately after revocation. The revocation is permanent and cannot be undone: the key's revoked_at timestamp is set and it is excluded from all future authentication attempts. The key record is retained (soft delete) for audit trail purposes per SOC 2 CC7.2 requirements.
What It Does
Sets the revoked_at timestamp on the API key record, immediately invalidating it for all future API authentication. The key is soft-deleted — the record persists in the database for audit purposes but is excluded from the listApiKeys and lookupApiKey queries. Subsequent API calls using the revoked key prefix will fail hash lookup since only non-revoked keys are queried during authentication.
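The soft-delete behaviour described above can be modelled in a few lines. This is an added example, not the service's own code: the table layout, the SHA-256 key hashing, and the helper names (`lookup_api_key` mirrors the `lookupApiKey` query named above) are assumptions, and the secret is a constructed value.

```python
import hashlib
import sqlite3
from datetime import datetime, timezone

def key_hash(secret):
    # Assumption: only a hash of the key is stored, never the key itself.
    return hashlib.sha256(secret.encode()).hexdigest()

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_keys (key_id TEXT PRIMARY KEY, key_hash TEXT NOT NULL, revoked_at TEXT)")
    return db

def create_key(db, key_id, secret):
    db.execute("INSERT INTO api_keys VALUES (?, ?, NULL)", (key_id, key_hash(secret)))

def lookup_api_key(db, secret):
    # Authentication path: revoked rows are never candidates, so the hash lookup misses.
    row = db.execute(
        "SELECT key_id FROM api_keys WHERE key_hash = ? AND revoked_at IS NULL",
        (key_hash(secret),)).fetchone()
    return row[0] if row else None  # None means the caller answers 401 Unauthorized

def revoke_key(db, key_id):
    # Soft delete: stamp revoked_at once; the row is never deleted and the stamp never cleared.
    now = datetime.now(timezone.utc).isoformat()
    cur = db.execute(
        "UPDATE api_keys SET revoked_at = ? WHERE key_id = ? AND revoked_at IS NULL",
        (now, key_id))
    if cur.rowcount == 0:
        return None  # unknown key, or already revoked (original timestamp is preserved)
    return {"key_id": key_id, "status": "revoked", "revoked_at": now}

def audit_rows(db):
    # Audit view: unlike the authentication query, this includes revoked keys.
    return db.execute("SELECT key_id, revoked_at FROM api_keys").fetchall()

def demo():
    db = open_store()
    create_key(db, "key_m1abc123def456", "constructed-secret-1")  # constructed sample key
    before = lookup_api_key(db, "constructed-secret-1")
    result = revoke_key(db, "key_m1abc123def456")
    after = lookup_api_key(db, "constructed-secret-1")
    return before, result, after, audit_rows(db)

if __name__ == "__main__":
    print(demo())
```

The `revoked_at IS NULL` guard in the UPDATE keeps a repeated revocation from overwriting the original timestamp, which is the value an audit depends on.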
Why It's Useful
Immediate key revocation is critical for security incident response when a key is exposed, leaked, or compromised. OWASP API Security guidelines and NIST SP 800-57 require the ability to immediately revoke compromised credentials. The soft-delete approach maintains an audit trail for compliance frameworks (SOC 2, ISO 27001) while ensuring the key can never be used again. Also essential for offboarding — immediately revoke keys when team members leave or contractors' engagements end.
Use Cases
Compromised Key Response
A key was accidentally committed to a public GitHub repository or exposed in client-side code. Immediately revoke it to prevent unauthorized access while generating a replacement key with tighter restrictions.
Instant access termination — the key stops working within milliseconds of revocation, closing the exposure window.
Employee Offboarding
During employee departure, revoke all API keys associated with their projects or personal access as part of the standard offboarding checklist.
Eliminate lingering access — per NIST SP 800-53 AC-2(3), access must be revoked within 24 hours of personnel changes.
Application Decommissioning
Revoke API keys for retired applications, discontinued integrations, or sunset third-party vendor connections.
Reduce attack surface by removing credentials for decommissioned systems that could otherwise be exploited.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| domain | string | Required | API key ID (key_* format) to revoke, as URL path parameter. Example: key_m1abc123def456 |
Response Fields
| Field | Type | Description |
|---|---|---|
| key_id | string | Revoked key identifier |
| status | string | Key status (revoked) |
| revoked_at | string | Revocation timestamp (ISO 8601) |
Code Examples
```bash
# The key ID (key_* format) replaces :id in the URL path
curl "https://api.edgedns.dev/v1/keys/key_m1abc123def456" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```javascript
// The key ID (key_* format) replaces :id in the URL path
const response = await fetch(
  'https://api.edgedns.dev/v1/keys/key_m1abc123def456',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

# The key ID (key_* format) replaces :id in the URL path
response = requests.get(
    'https://api.edgedns.dev/v1/keys/key_m1abc123def456',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
)
data = response.json()
print(data)
```