DELETE/api/v1/api-keys/{keyId}

Revoke (soft-delete) an API key

Marks the key as revoked. The runtime gate begins returning 401 REVOKED_API_KEY immediately. The row is preserved for audit purposes — foreign keys from gateway logs and audit records continue to resolve. Requires the 'admin' role on the key's org.

Authentication

Send Authorization: Bearer YOUR_API_KEY on every request. Generate API keys at /dashboard/api-keys.

Parameters

keyId in pathrequired
string

Response

All status codes

200Key revoked; body confirms id, name, key_prefix, and the revoked_at timestamp
400(no description)
401(no description)
404API key not found or caller not authorized for this org
409Key was already revoked
429(no description)

Code samples

cURL

curl -X DELETE \
  https://evalguard.ai/api/v1/api-keys/{keyId} \
  -H "Authorization: Bearer $EVALGUARD_API_KEY" \

TypeScript

import { EvalGuard } from "@evalguard/sdk";

const client = new EvalGuard({ apiKey: process.env.EVALGUARD_API_KEY });

const response = await client.request({
  method: "DELETE",
  path: "/api/v1/api-keys/{keyId}",
});
console.log(response);

Python

from evalguard import EvalGuard
import os

client = EvalGuard(api_key=os.environ["EVALGUARD_API_KEY"])

response = client.request(method="DELETE", path="/api/v1/api-keys/{keyId}")
print(response)

Go

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/evalguard/evalguard-go"
)

func main() {
	client := evalguard.NewClient(os.Getenv("EVALGUARD_API_KEY"))
	resp, err := client.Request(context.Background(), "DELETE", "/api/v1/api-keys/{keyId}", nil)
	if err != nil { panic(err) }
	fmt.Println(resp)
}

Errors

400401404409429

Other API Keys endpoints