Skip to main content
Docs

revoke()

Revokes an API key. This will immediately invalidate the API key and prevent it from being used to authenticate any future requests.

function revoke(params: RevokeAPIKeyParams): Promise<APIKey>

RevokeAPIKeyParams

  • Name
    apiKeyId
    Type
    string
    Description

    The ID of the API key to revoke.

  • Name
    revocationReason?
    Type
    string | null
    Description

    Optional reason for revocation. Useful for your records.

Example

Note

Using clerkClient varies based on your framework. Refer to the JS Backend SDK overview for usage details, including guidance on how to access the userId and other properties.

Revoke an API key

const apiKey = await clerkClient.apiKeys.revoke({
  apiKeyId: 'ak_xxx',
})

Revoke an API key with a reason

const apiKey = await clerkClient.apiKeys.revoke({
  apiKeyId: 'ak_xxx',
  revocationReason: 'Key compromised',
})

Important

When you revoke an API key, it is immediately invalidated. Any requests using that API key will be rejected. Make sure to notify users or update your systems before revoking API keys that are in active use.

Backend API (BAPI) endpoint

This method in the SDK is a wrapper around the BAPI endpoint POST/api_keys/{apiKeyID}/revoke. See the BAPI reference for more information.

Feedback

What did you think of this content?
GitHubEdit on GitHub

Last updated on