Skip to main content
DELETE
/
api-keys
/
{id}
Revoke an API key
curl --request DELETE \
  --url https://api.dialnexa.com/v1/api-keys/{id} \
  --header 'Authorization: Bearer <token>'
{
  "message": "API key revoked."
}
Permanently revokes an API key. Every API request that arrives with this key starts returning 401 Unauthorized immediately, including in-flight requests that were authenticated with the key but had not yet been authorized. Revocation cannot be undone, DialNexa does not retain enough state to re-issue the same secret. To restore access, create a new key with Create API Key and update the consumer.

When to use this

Revoke a key whenever you have reason to believe it is no longer trusted, no longer needed, or is being used by a system you want to disconnect. Typical cases:
  • Suspected leak: a key appeared in a logged stack trace, a screenshot, or a public commit. Revoke first, then rotate downstream.
  • Decommissioning: the integration or environment the key was created for is being retired.
  • Employee or vendor offboarding: a person or third party who held the key no longer needs access.
  • Scheduled rotation: your security policy requires periodic rotation, and the new key has already been deployed.
For a planned cutover, follow the Key rotation playbook: create a new key, deploy it everywhere, verify traffic on the new key, then revoke the old one. Skipping the verification step is the most common cause of an outage during rotation.

Behavior

  • Active calls already in progress are not interrupted; DialNexa terminates the session for the API key, not for in-flight call media.
  • New requests with the revoked key immediately return 401 Unauthorized.
  • The key’s audit trail (creation time, last-used time, revocation time) remains visible in List API Keys.

Path parameters

ParameterDescription
idThe API key ID, for example abcgvvzzlrbnqy. The ID is the short identifier, not the full secret value.

Errors

  • 404 Not Found is returned when the API key does not exist or has already been revoked.
  • 403 Forbidden is returned when the caller’s key does not have permission to revoke other keys.

Request

curl -X DELETE "https://api.dialnexa.com/v1/api-keys/abcgvvzzlrbnqy" \
  -H "Authorization: Bearer YOUR_API_KEY"

Response

{ "message": "success" }
  • Create API Key: issue a replacement key before revoking the old one.
  • List API Keys: review which keys are active in your workspace.
  • Key rotation: recommended sequence for rotating keys with no downtime.

Authorizations

Authorization
string
header
required

Pass your API key as a Bearer token in the Authorization header.

Path Parameters

id
string
required

Response

Success.

message
string
Example:

"API key revoked."