Skip to main content
DELETE
/
api
/
v1
/
rewards
/
app
/
{rewardsAppId}
/
api-key
/
{apiKeyId}
Revoke API Key
curl --request DELETE \
  --url https://api.zebedee.io/api/v1/rewards/app/{rewardsAppId}/api-key/{apiKeyId} \
  --header 'Authorization: <authorization>' \
  --header 'z-client: <z-client>'
{
  "success": true,
  "message": "API key revoked successfully."
}
Use this endpoint to immediately prevent it from being used for authentication with your Rewards App.
Revoking an API key immediately prevents it from being used for authentication. Any services using this key will no longer be able to access your Rewards App. If Send Reward v2 is using this API key, it will stop working once the key is revoked, as the key becomes invalid.
Permanent Action. Once revoked, an API key cannot be reactivated. You will need to create a new API key if needed.

Configuration

Header Parameters

z-client
string
required
Client identifier (use “developer-dashboard” )
Authorization
string
required
Bearer token for authenticationFormat: Bearer {JWT_TOKEN}

Path Parameters

rewardsAppId
string
required
Your Rewards App ID
apiKeyId
string
required
The ID of the API key to revoke Get this ID from the “List API Keys” endpoint
{
  "success": true,
  "message": "API key revoked successfully."
}

{
  "success": false,
  "message": "Invalid UUID"
}

Response Fields

FieldTypeDescription
successbooleanWhether the revocation was successful
messagestringConfirmation message

Response Status Codes

CodeDescription
200API key revoked successfully
400Bad request - invalid UUID
401Unauthorized - authentication required
403Forbidden - developer does not own this app
404API key not found or does not belong to this app
500Internal server error

Code Examples

const rewardsAppId = 'YOUR_REWARDS_APP_ID';
const apiKeyId = 'YOUR_API_KEY_ID';
const jwtToken = 'YOUR_JWT_TOKEN';

async function revokeApiKey(rewardsAppId, apiKeyId) {
  const response = await fetch(
    `https://api.zebedee.io/api/v1/rewards/app/${rewardsAppId}/api-key/${apiKeyId}`,
    {
      method: 'DELETE',
      headers: {
        'z-client': 'developer-dashboard',
        'Authorization': `Bearer ${jwtToken}`
      }
    }
  );

  const data = await response.json();

  if (data.success) {
    console.log('✅ API key revoked successfully!');
    console.log('This key can no longer be used for authentication.');
    return data;
  } else {
    throw new Error(`Failed: ${data.message}`);
  }
}

// Revoke key
await revokeApiKey(
  'b28e0306-2c06-4092-8d56-a1623d6b97fb',
  '78b411d8-1f61-4824-97c6-e3c3a571f1c5'
);

What Happens After Revocation?

Before Revocation API Key Active

Key can be used for authentication

After Revocation API Key Revoked

Key can no longer authenticate

Try It Out

Ready to revoke an API key? Use our API playground on the right to test with your JWT token.