
Revoke API Credential

Revoke (soft delete) an API credential. The key immediately becomes invalid.

Request

http
DELETE /v1/admin/credentials/:id
Authorization: Bearer {admin_key}

Path Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| id | UUID | Credential ID to revoke |

Example Request

bash
curl -X DELETE "https://api.insight.iagon.com/v1/admin/credentials/660e8400-e29b-41d4-a716-446655440001" \
  -H "Authorization: Bearer YOUR_ADMIN_KEY"

Response

Success (200 OK)

json
{
  "success": true,
  "data": {
    "id": "660e8400-e29b-41d4-a716-446655440001",
    "name": "Acme Production Key",
    "api_key_prefix": "iiak_a1b2c3d4",
    "user_account_id": "550e8400-e29b-41d4-a716-446655440000",
    "user_account_name": "Acme Corporation",
    "admin_key_id": "770e8400-e29b-41d4-a716-446655440002",
    "admin_entity_name": "YourCompany",
    "network_id": 0,
    "revoked": true,
    "revoked_at": "2026-01-26T16:00:00Z"
  },
  "message": "Credential revoked successfully"
}

Error Responses

400 Bad Request - Invalid ID format:

json
{
  "success": false,
  "error": "Invalid credential ID format"
}

404 Not Found - Credential not found or already revoked:

json
{
  "success": false,
  "error": "Credential not found or already revoked"
}

Key Rotation

To rotate a key safely:

  1. Create a new credential for the same user
  2. Update your user's integration with the new key
  3. Monitor to ensure the new key is being used
  4. Revoke the old credential

Step 1: Create new key:

bash
curl -X POST "https://api.insight.iagon.com/v1/admin/credentials" \
  -H "Authorization: Bearer YOUR_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Acme Production Key v2", "user_account_id": "550e8400-e29b-41d4-a716-446655440000", "network_id": 0}'

Step 2: Wait for user to switch to new key...

Step 3: Revoke old key:

bash
curl -X DELETE "https://api.insight.iagon.com/v1/admin/credentials/OLD_KEY_ID" \
  -H "Authorization: Bearer YOUR_ADMIN_KEY"

Notes

  • Revocation is immediate - the key stops working instantly
  • Revoked keys are soft-deleted (kept for audit trail)
  • Use includeRevoked=true when listing to see revoked keys
  • All revocations are logged in the audit trail
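
The final revocation step of a rotation is often scripted, and the documented 404 covers both "not found" and "already revoked", so it cannot be read as proof that the old key is dead. The following added example (not part of the original documentation) classifies the three documented responses; the function names and outcome labels are assumptions chosen for illustration.

```python
import json
import urllib.error
import urllib.request
import uuid

BASE_URL = "https://api.insight.iagon.com/v1/admin/credentials"  # from the page


def classify_revocation(status, body, credential_id):
    """Map a DELETE response to an outcome a rotation job can act on."""
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return "unexpected"
    if not isinstance(payload, dict):
        return "unexpected"
    if status == 200 and payload.get("success") is True:
        data = payload.get("data")
        # Confirm the server revoked the credential that was requested.
        if (isinstance(data, dict) and data.get("id") == credential_id
                and data.get("revoked") is True):
            return "revoked"
        return "unexpected"
    if status == 400:
        return "invalid_id"
    if status == 404:
        # Documented as "not found or already revoked": ambiguous on its own.
        return "verify_with_listing"
    return "unexpected"


def revoke(credential_id, admin_key):
    """Send the DELETE request and classify the reply (performs network I/O)."""
    uuid.UUID(credential_id)  # raises ValueError before any request on a malformed ID
    req = urllib.request.Request(
        f"{BASE_URL}/{credential_id}",
        method="DELETE",
        headers={"Authorization": f"Bearer {admin_key}"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_revocation(resp.status, resp.read(), credential_id)
    except urllib.error.HTTPError as err:
        return classify_revocation(err.code, err.read(), credential_id)
```

On `verify_with_listing`, list credentials with `includeRevoked=true` and confirm the old ID appears as revoked before treating the rotation as complete.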