Skip to main content
POST
/
v2
/
api-keys
/
{id}
/
rotate
Rotate API Key
curl --request POST \
  --url https://app.textql.com/v2/api-keys/{id}/rotate \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://app.textql.com/v2/api-keys/{id}/rotate"

headers = {"Authorization": "Bearer <token>"}

response = requests.post(url, headers=headers)

print(response.text)
const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};

fetch('https://app.textql.com/v2/api-keys/{id}/rotate', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://app.textql.com/v2/api-keys/{id}/rotate",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer <token>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://app.textql.com/v2/api-keys/{id}/rotate"

	req, _ := http.NewRequest("POST", url, nil)

	req.Header.Add("Authorization", "Bearer <token>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://app.textql.com/v2/api-keys/{id}/rotate")
  .header("Authorization", "Bearer <token>")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://app.textql.com/v2/api-keys/{id}/rotate")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
{
  "key": "BEARER_SECRET_SHOWN_ONCE",
  "api_key": {
    "id": "4f0c39a1-7c9e-4a34-9d20-6a1f6f6f2b71",
    "member_id": "9b2f7a64-11d0-4c1b-8f3e-2f9c5b7f6e10",
    "name": "acme-session-key",
    "client_id": "{\"tenant_id\": \"acme\", \"user_email\": \"jane@acme.example\"}",
    "assumed_roles": [
      "80de0196-496f-44fe-9d4c-8013b3b44082"
    ],
    "status": "active",
    "created_at": "2026-07-06T19:30:00Z",
    "expires_at": "2026-07-06T20:30:00Z"
  },
  "revoked_api_key_id": "<string>"
}
{
  "error": {
    "code": "invalid_request",
    "message": "Invalid request body"
  }
}
{
  "error": {
    "code": "unauthenticated",
    "message": "Authentication required"
  }
}
{
  "error": {
    "code": "permission_denied",
    "message": "Insufficient permissions"
  }
}
{
  "error": {
    "code": "not_found",
    "message": "Resource not found"
  }
}
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded"
  }
}
{
  "error": {
    "code": "internal",
    "message": "Internal server error"
  }
}

Authorizations

Authorization
string
header
required

API key or JWT token

Path Parameters

id
string
required

The API key id (not the bearer secret)

Response

The replacement key. key is the bearer secret, shown only once.

key
string

The replacement key's full bearer credential. Shown exactly once; store it securely.

Example:

"BEARER_SECRET_SHOWN_ONCE"

api_key
object
revoked_api_key_id
string

The id of the key that was revoked by this rotation.