
keys.revoke

Revokes an API key, immediately preventing all access. This endpoint requires Clerk JWT authentication.

Authentication

Authorization: Bearer <clerk_jwt_token>

Parameters

id (string, required)
UUID of the API key to revoke (from keys.list)

Response

success (boolean)
Returns true if the key was successfully revoked

Examples

import { trpc } from '@/lib/trpc';

function RevokeKeyButton({ keyId }: { keyId: string }) {
  const revokeKey = trpc.keys.revoke.useMutation({
    onSuccess: () => {
      alert('API key revoked successfully');
    },
  });
  
  const handleRevoke = () => {
    if (confirm('Are you sure? This cannot be undone.')) {
      revokeKey.mutate({ id: keyId });
    }
  };
  
  return (
    <button onClick={handleRevoke} className="text-red-600">
      Revoke Key
    </button>
  );
}

{
  "success": true
}

Revoking a key immediately stops all applications using that key. Make sure to update your applications with a new key before revoking the old one.

Key Rotation Workflow

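1. Create a new API key

// createKey is assumed to be a useMutation() result like revokeKey above;
// mutateAsync returns a promise with the response, mutate() does not.
const newKey = await createKey.mutateAsync({
  name: 'Production Key (New)',
});

// Demo only: store newKey.secret in your secret manager rather than leaving it in logs.
console.log('New key:', newKey.secret);

2. Update your applications

Update environment variables in all environments:

# .env.production
SATORI_API_KEY=sk_satori_new_key...

Deploy the updates to all services.

3. Verify the new key works

Test your application to ensure the new key is working correctly.

4. Revoke the old key

await revokeKey.mutateAsync({ id: oldKeyId });

The old key is now revoked and cannot be used.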

Use Cases

If you suspect a key has been exposed:

// Immediately revoke the compromised key
// (mutateAsync returns a promise to await; mutate() does not)
await revokeKey.mutateAsync({ id: compromisedKeyId });

// Create a new key
const newKey = await createKey.mutateAsync({
  name: 'Production Key (Rotated)',
});

// Update your applications ASAP

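Clean up keys that are no longer in use:

const keys = await client.keys.list.query();

// Cutoff: 90 days ago
const ninetyDaysAgo = Date.now() - 90 * 24 * 60 * 60 * 1000;

for (const key of keys) {
  // A key with no lastUsedAt counts as last used at time 0, so never-used
  // keys (including newly created ones) are revoked as well.
  const lastUsed = key.lastUsedAt ? new Date(key.lastUsedAt).getTime() : 0;

  // If not used in 90 days
  if (lastUsed < ninetyDaysAgo) {
    // mutateAsync waits for the revocation before logging; mutate() returns immediately
    await revokeKey.mutateAsync({ id: key.id });
    console.log(`Revoked unused key: ${key.name}`);
  }
}
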
Revoke keys when team members leave:

// Revoke all keys associated with a project
const keysToRevoke = [
  'key-id-1',
  'key-id-2',
  'key-id-3',
];

for (const keyId of keysToRevoke) {
  // mutateAsync returns a promise, so each revocation completes before the next starts
  await revokeKey.mutateAsync({ id: keyId });
}
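
The unused-key cleanup above revokes any key that has no lastUsedAt, which includes a key created minutes ago and not yet deployed. The following is an added example, not part of the original documentation: it selects stale keys by last use or, for never-used keys, by creation time, defaults to a dry run, and records failed revocations instead of stopping. The createdAt field, the function names and the sample keys are assumptions; pass any function that calls keys.revoke and returns a promise as revoke.

```typescript
interface ApiKey {
  id: string;
  name: string;
  lastUsedAt: string | null; // as read in the cleanup loop on this page
  createdAt: string; // ASSUMED field, not documented on this page
}
type RevokeFn = (input: { id: string }) => Promise<unknown>;

const DAY_MS = 24 * 60 * 60 * 1000;

// A key is stale when its last activity (last use, or creation if never used)
// is older than maxIdleDays. Unparseable timestamps are never treated as stale.
function selectStaleKeys(keys: ApiKey[], now: number, maxIdleDays = 90): ApiKey[] {
  const cutoff = now - maxIdleDays * DAY_MS;
  return keys.filter((key) => {
    const lastActivity = Date.parse(key.lastUsedAt ?? key.createdAt);
    return !isNaN(lastActivity) && lastActivity < cutoff;
  });
}

// Revokes stale keys one at a time; a failure is recorded and the loop continues.
// dryRun defaults to true, so nothing is revoked until the caller opts in.
async function revokeStale(keys: ApiKey[], revoke: RevokeFn, now: number, dryRun = true) {
  const result = { revoked: [] as string[], failed: [] as string[], wouldRevoke: [] as string[] };
  for (const key of selectStaleKeys(keys, now)) {
    if (dryRun) {
      result.wouldRevoke.push(key.id);
      continue;
    }
    try {
      await revoke({ id: key.id });
      result.revoked.push(key.id);
    } catch {
      result.failed.push(key.id); // the key may still be live: retry or investigate
    }
  }
  return result;
}

// Constructed sample data, not real keys.
const NOW = Date.parse('2025-06-01T00:00:00Z');
const sampleKeys: ApiKey[] = [
  { id: 'k-active', name: 'Prod', lastUsedAt: '2025-05-30T12:00:00Z', createdAt: '2024-01-01T00:00:00Z' },
  { id: 'k-idle', name: 'Old CI', lastUsedAt: '2025-01-15T00:00:00Z', createdAt: '2024-01-01T00:00:00Z' },
  { id: 'k-new', name: 'Just created', lastUsedAt: null, createdAt: '2025-05-31T00:00:00Z' },
  { id: 'k-never', name: 'Forgotten', lastUsedAt: null, createdAt: '2024-11-01T00:00:00Z' },
];
console.log(selectStaleKeys(sampleKeys, NOW).map((k) => k.id)); // ['k-idle', 'k-never']
```

Review the wouldRevoke list from a dry run before calling revokeStale with dryRun set to false, and treat any id in failed as a key that is still active.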