Rotate Service Key

POST

/internal/admin/service-keys/{key_id}/rotate

Rotate a service API key.

Creates a new key with the same name, permissions, and settings as the existing key, then revokes the old key. This is an atomic operation.

Args: key_id: UUID of the key to rotate admin_key: Validated admin API key (from dependency) db: Database session

Returns: RotateServiceKeyResponse with old key info and new key details

Raises: 404: If key not found or already revoked

Parameters

Path Parameters

key_id

required

Key Id

string

Header Parameters

X-API-Key

Any of:

string
null

string

Responses

200

Key rotated successfully

RotateServiceKeyResponse

Response schema for service key rotation (FR-ROTATE-005).

Attributes: old_key_id: ID of the revoked key old_key_revoked_at: Timestamp when old key was revoked new_key: Details of the newly created key (includes plaintext)

object

old_key_id

required

Old Key Id

ID of the revoked key

string

old_key_revoked_at

required

Old Key Revoked At

Timestamp when old key was revoked

string format: date-time

new_key

required

CreateServiceKeyResponse

New key details (includes plaintext)

object

required

Key UUID

string

name

required

Name

Key name

string

api_key

required

Api Key

Plaintext key (shown once - store securely!)

string

created_at

required

Created At

Creation timestamp

string format: date-time

multi_tenant

required

Multi Tenant

Multi-tenant enabled

boolean

permissions

required

Permissions

Service permissions

Array<string>

401

Invalid API key

AdminAPIError

Standard error response for Admin API.

Attributes: error: Error code (e.g., ‘key_exists’, ‘permission_denied’) message: Human-readable error message

object

error

required

Error

Error code

string

message

required

Message

Human-readable error message

string

403

Missing admin:keys permission

AdminAPIError

Standard error response for Admin API.

Attributes: error: Error code (e.g., ‘key_exists’, ‘permission_denied’) message: Human-readable error message

object

error

required

Error

Error code

string

message

required

Message

Human-readable error message

string

404

Key not found or already revoked

AdminAPIError

Standard error response for Admin API.

Attributes: error: Error code (e.g., ‘key_exists’, ‘permission_denied’) message: Human-readable error message

object

error

required

Error

Error code

string

message

required

Message

Human-readable error message

string

422

Validation Error

HTTPValidationError

object

detail

Detail

Array<object>

ValidationError

object

loc

required

Location

Array

msg

required

Message

string

type

required

Error Type

string

input

Input

ctx

Context

object

429

Rate limited

AdminAPIError

Standard error response for Admin API.

Attributes: error: Error code (e.g., ‘key_exists’, ‘permission_denied’) message: Human-readable error message

object

error

required

Error

Error code

string

message

required

Message

Human-readable error message

string