Revoke API Key

Endpoint

POST /api/v1/keys/{id}/revoke
Host: api.driftguard.dev

Revoking a key sets is_active to false. Any request made with a revoked key will immediately return 401. The key is not deleted — it can be reactivated at any time via POST /api/v1/keys//activate.

Path Parameters

Parameter	Type	Required	Description
`id`	string	Yes	The key ID to revoke — from GET /api/v1/keys

Request

curl -s -X POST https://api.driftguard.dev/api/v1/keys/your_key_id_here/revoke \
  -H "X-API-Key: $DRIFTGUARD_KEY"

Response

{
  "id": "your_key_id_here",
  "is_active": false,
  "environment": "live",
  "key_preview": "dg_live_xxxxxxxx"
}

Response Fields

Field	Type	Description
`id`	string	The key that was revoked
`is_active`	boolean	Always `false` after a successful revoke
`environment`	string	`live` or `test`
`key_preview`	string	First 16 characters of the key for identification

Revoke is reversible. If you need to permanently remove a key, use DELETE /api/v1/keys/ after revoking it.

Error Responses

Status	Meaning
`401`	Missing or invalid `X-API-Key`
`404`	Key not found, or belongs to a different user
`429`	Rate limit exceeded — 100 req/min per key

Activate Key

Reactivate a previously revoked key.

Delete Key

Permanently delete a revoked key.

Contracts

Checks

Usage

Webhooks

API Keys

Endpoint

Path Parameters

Request

Response

Response Fields

Error Responses

Activate Key

Delete Key

Contracts

Checks

Usage

Webhooks

API Keys

​Endpoint

​Path Parameters

​Request

​Response

​Response Fields

​Error Responses

Activate Key

Delete Key

Endpoint

Path Parameters

Request

Response

Response Fields

Error Responses