Delete API Key

POST/web/v1/workspaces/{workspaceId}/api-keys/delete JWT

Permanently deletes (soft-delete) an API key. Deleted keys cannot be recovered or re-enabled.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	en, zh, zh-Hant, ja, vi	Response language (default: en)
Authorization	Bearer	JWT access token
X-Workspace-Id		Target workspace ID

Request Parameters

Name	Type	Required	In	Description
workspaceId	string	Required	path	Workspace business ID
keyId	string	Required	body	Business ID of the API key to delete

Success Response

No Content 204

Error Responses

Unauthorized 401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Forbidden — not workspace owner 403

{
  "success": false,
  "code": "4030",
  "message": "Only workspace owner can manage API keys"
}

Notes

• This is a soft-delete operation; the key record is marked as deleted but not physically removed.
• Deleted keys can no longer authenticate API requests and cannot be re-enabled.
• Only workspace OWNERs can delete API keys.