Delete API Keys
Overview
The Delete API Keys endpoint allows you to remove API keys that are no longer needed. This is important for security and maintaining a clean API key inventory.
Prerequisites
Before deleting API keys, you must have:
- JWT Authentication Token from login
- API Key ID from the List API Keys endpoint
Endpoint
URL: {{base_url}}/api/clients/api-keys/{api_key_id}
Method: DELETE
Headers:
Authorization: Bearer <your_jwt_token>
Content-Type: application/json
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
api_key_id | string | Yes | The ID of the API key to delete |
Example Request
curl -X DELETE https://k2-ussd-api.devlorde.xyz/api/clients/api-keys/f7fa38ec-0e19-405c-820f-bf65912ab4ec \
-H "Authorization: Bearer <your_jwt_token>" \
-H "Content-Type: application/json"
Response
{
"status": 200,
"message": "API Key deleted successfully",
"data": {
"deleted_id": "f7fa38ec-0e19-405c-820f-bf65912ab4ec",
"deleted_at": "2024-01-15T12:00:00Z"
}
}
Error Responses
401 Unauthorized
{
"status": 401,
"message": "Invalid JWT token",
"data": null
}
403 Forbidden
{
"status": 403,
"message": "Insufficient permissions to delete this API key",
"data": null
}
404 Not Found
{
"status": 404,
"message": "API Key not found",
"data": null
}
400 Bad Request
{
"status": 400,
"message": "Invalid API key ID format",
"data": null
}
Implementation Example
async function deleteApiKey(jwtToken, apiKeyId) {
try {
const response = await fetch(`https://k2-ussd-api.devlorde.xyz/api/clients/api-keys/${apiKeyId}`, {
method: 'DELETE',
headers: {
'Authorization': `Bearer ${jwtToken}`,
'Content-Type': 'application/json'
}
});
const data = await response.json();
if (data.status === 200) {
console.log('API Key deleted successfully:', data.data.deleted_id);
return data.data;
} else {
throw new Error(data.message);
}
} catch (error) {
console.error('Failed to delete API key:', error.message);
throw error;
}
}
// Usage example
const deletedKey = await deleteApiKey(jwtToken, 'f7fa38ec-0e19-405c-820f-bf65912ab4ec');
console.log(`API Key ${deletedKey.deleted_id} was deleted at ${deletedKey.deleted_at}`);
Bulk Delete (Optional)
If the API supports bulk deletion, you can delete multiple API keys at once:
curl -X DELETE https://k2-ussd-api.devlorde.xyz/api/clients/api-keys/bulk \
-H "Authorization: Bearer <your_jwt_token>" \
-H "Content-Type: application/json" \
-d '{
"api_key_ids": [
"f7fa38ec-0e19-405c-820f-bf65912ab4ec",
"a1b2c3d4-e5f6-7890-abcd-ef1234567890"
]
}'
Best Practices
- Confirm Before Delete: Always verify the API key ID before deletion
- Backup Important Data: Ensure you have backups of any important API key information
- Monitor Active Usage: Check if the API key is currently in use before deleting
- Regular Cleanup: Schedule regular cleanup of unused API keys
- Audit Trail: Keep records of deleted API keys for audit purposes
- Test in Development: Test deletion in a development environment first
Security Considerations
- Irreversible Action: API key deletion is permanent and cannot be undone
- Active Sessions: Deleting an API key will invalidate any active sessions using it
- Dependencies: Check for any systems or applications that depend on the API key
- Notification: Consider notifying team members before deleting shared API keys
Next Steps
- Generate API Keys - Create new API keys
- List API Keys - View all your API keys
- Error Handling - Understand error responses