Skip to main content

Overview

Generates a new API key for your platform. The old key is immediately invalidated.
This action cannot be undone! Your old API key will stop working immediately. Update all services using the old key before regenerating.

Authentication

Requires Platform API Key in the X-API-Key header (the old key you’re replacing).

Request

No request body required.

Response

success
boolean
Always true on successful regeneration
api_key
string
Your new API key. Save this immediately - it will never be shown again.
message
string
Important reminder to save the key

When to Regenerate

Security Breach

If your API key is exposed (committed to git, leaked in logs, etc.):

Regular Rotation

Rotate keys every 90 days as a security best practice:

Employee Offboarding

When team members leave who had access to the key:

Zero-Downtime Rotation

For critical production systems, use this pattern:

Best Practices

Save Immediately

Update All Services

Test Before Deploying

Keep Audit Trail

Error Responses

Invalid API Key

Rate Limit

Security Considerations

Never commit API keys to version control!Always use environment variables or secrets managers:
  • AWS Secrets Manager
  • Google Secret Manager
  • HashiCorp Vault
  • Environment variables in deployment platform

Immediate Invalidation

The old key stops working immediately upon regeneration:

No Grace Period

Unlike some services, there is no grace period where both keys work. Plan your rotation accordingly.

Platform Dashboard

Verify new key works

Platform Settings

Configure platform settings