Revoke an API key

DELETE

/api-keys/{id}

const url = 'https://your-org.evershell.ai/v1/api-keys/example';
const options = {method: 'DELETE', headers: {Authorization: 'Bearer <token>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request DELETE \
  --url https://your-org.evershell.ai/v1/api-keys/example \
  --header 'Authorization: Bearer <token>'

Permissions: apikeys:write.

Calls WorkOS DELETE (404 treated as success), then deletes the local mirror row, then evicts the in-memory verify cache. Subsequent calls with the revoked secret 401 immediately. Stays reachable from any billing posture so a leaked key can be invalidated during wind-down.

Authorizations

bearerAuth

Parameters

Path Parameters

required

string

Responses

200

Revoked

application/json

object

string

status

string

Example

{
  "status": "revoked"
}

401

Missing or invalid credential

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

403

Caller lacks the required scope, or cross-org access attempted

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

404

Resource not found in the caller’s org

application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}