Disable API Key

POST/web/v1/workspaces/{workspaceId}/api-keys/{keyId}/disable JWT

Disables an active API key. Once disabled, any requests authenticated with this key will be rejected.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	en, zh, zh-Hant, ja, vi	Response language (default: en)
Authorization	Bearer	JWT access token
X-Workspace-Id		Target workspace ID

Request Parameters

Name	Type	Required	In	Description
workspaceId	string	Required	path	Workspace business ID
keyId	string	Required	path	API key business ID

Success Response

No Content 200

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": null
}

Error Responses

Unauthorized 401

{
  "success": false,
  "code": "4010",
  "message": "Invalid or expired token"
}

Forbidden — not workspace owner 403

{
  "success": false,
  "code": "4030",
  "message": "Only workspace owner can manage API keys"
}

Notes

• Disabling a key is reversible; use the Enable API Key endpoint to reactivate it.
• Only workspace OWNERs can disable API keys.