> ## Documentation Index
> Fetch the complete documentation index at: https://docs.xquik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Revoke API key

> Permanently deactivate an API key. Revocation is immediate and irreversible

<blockquote className="agent-llms-directive">
  For the complete documentation index, see <a href="/llms.txt">llms.txt</a>.
</blockquote>

<Callout icon="circle-check" color="#16a34a">
  **Free** - does not consume credits
</Callout>

<CodeGroup>
  ```bash cURL theme={null}
  curl -X DELETE https://xquik.com/api/v1/api-keys/42 \
    -H "Cookie: session_token=YOUR_SESSION_TOKEN" | jq
  ```

  ```javascript Node.js theme={null}
  const response = await fetch("https://xquik.com/api/v1/api-keys/42", {
    method: "DELETE",
    headers: { "Cookie": "session_token=YOUR_SESSION_TOKEN" },
  });
  const result = await response.json();
  console.log(result);
  ```

  ```python Python theme={null}
  import requests

  response = requests.delete(
      "https://xquik.com/api/v1/api-keys/42",
      cookies={"session_token": "YOUR_SESSION_TOKEN"},
  )
  result = response.json()
  print(result)
  ```

  ```go Go theme={null}
  package main

  import (
  	"fmt"
  	"io"
  	"log"
  	"net/http"
  )

  func main() {
  	req, err := http.NewRequest("DELETE", "https://xquik.com/api/v1/api-keys/42", nil)
  	if err != nil {
  		log.Fatal(err)
  	}
  	req.AddCookie(&http.Cookie{Name: "session_token", Value: "YOUR_SESSION_TOKEN"})

  	resp, err := http.DefaultClient.Do(req)
  	if err != nil {
  		log.Fatal(err)
  	}
  	defer resp.Body.Close()

  	body, err := io.ReadAll(resp.Body)
  	if err != nil {
  		log.Fatal(err)
  	}
  	fmt.Println(string(body))
  }
  ```
</CodeGroup>

## Path parameters

<ParamField path="id" type="string" required>
  The unique identifier of the API key to revoke.
</ParamField>

## Headers

<ParamField header="Cookie" type="string">
  Dashboard session cookie. Format: `session_token=YOUR_SESSION_TOKEN`.
</ParamField>

<ParamField header="x-api-key" type="string">
  API key for the same account. Use this instead of `Cookie` for automated key rotation.
</ParamField>

<ParamField header="Authorization" type="string">
  OAuth bearer token for the same account. Format: `Bearer YOUR_TOKEN`.
</ParamField>

## Response

<Tabs>
  <Tab title="200 OK">
    <ResponseField name="success" type="boolean">
      Always `true` when the key is successfully revoked.
    </ResponseField>

    ```json theme={null}
    { "success": true }
    ```
  </Tab>

  <Tab title="400 Invalid ID">
    ```json theme={null}
    { "error": "invalid_id" }
    ```

    The path parameter is not a valid ID. IDs are numeric strings.
  </Tab>

  <Tab title="401 Unauthenticated">
    ```json theme={null}
    { "error": "unauthenticated" }
    ```

    Missing or invalid session cookie, API key, or bearer token.
  </Tab>

  <Tab title="404 Not Found">
    ```json theme={null}
    { "error": "not_found" }
    ```

    No API key with this ID exists on your account, or it has already been revoked.
  </Tab>

  <Tab title="429 Rate Limited">
    ```json theme={null}
    { "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 60 }
    ```

    Too many requests. Wait for the `Retry-After` header before retrying.
  </Tab>
</Tabs>

<Warning>
  Revocation is **immediate and permanent**. All requests using the revoked key will return `401 Unauthenticated`. This action cannot be undone. Create a new key if needed.
</Warning>

<Note>
  Use a dashboard session cookie, API key, or OAuth bearer token for the same account. If you revoke the API key used for this request, later requests with that key return `401 Unauthenticated`.

  **Related:** [Create API Key](/api-reference/api-keys/create) · [List API Keys](/api-reference/api-keys/list)
</Note>
