Deleting or revoking an API key
You can revoke or delete API keys from the API Developer Console. Revoking temporarily disables a key by setting its expiration to today, while deleting permanently removes it. Both actions immediately stop the key from authenticating requests.
Revoking an API key
Revoking a key disables it without permanently deleting it. This keeps an audit trail and lets you restore access later if needed. It's the better choice for compromised keys, regular security rotation, or any situation where you might need the key again.
- Go to the API Developer Console
- Click API Keys in the left sidebar
- Locate the key you want to revoke
- Click the three dots next to the key
- Select Revoke
The key stops working immediately. The system sets the expiration date to today to revoke access.
Deleting an API key
Deleting permanently removes a key from your account. This can't be undone, so delete only keys you're certain you won't need again (e.g., unused keys or keys to reduce your attack surface).
- Go to the API Developer Console
- Click API Keys in the left sidebar
- Locate the key you want to delete
- Click the three dots next to the key
- Select Delete
Once you delete it, a key cannot be recovered.
Can I restore an API key?
Yes, but only if you revoked it rather than deleted it. Revoked keys remain in your console and can be restored to working status. Simply locate the revoked key and restore it through the same menu.
Deleted keys are permanently removed and cannot be recovered. You'll need to create a new API key if you deleted one by mistake.