API Keys
Delete API Key
Revoke an API key by its id.
POST /api/auth/api-key/deleteRevokes (deletes) an existing API key. The key is identified by its keyId.
This endpoint uses POST, not HTTP DELETE. Revoking a key is immediate and permanent — any client still using it will start receiving 401 responses.
This endpoint authenticates with your logged-in dashboard session, not an API key. Send your session cookie with the request.
Request Body
Prop
Type
Response
Returns a success flag.
Prop
Type
curl -X POST "https://app.rybbit.io/api/auth/api-key/delete" \
-H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{"keyId": "key_8f3a1b2c4d5e6f7g"}'const response = await fetch(
'https://app.rybbit.io/api/auth/api-key/delete',
{
method: 'POST',
credentials: 'include',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
keyId: 'key_8f3a1b2c4d5e6f7g'
})
}
);
const data = await response.json();import requests
response = requests.post(
'https://app.rybbit.io/api/auth/api-key/delete',
json={
'keyId': 'key_8f3a1b2c4d5e6f7g'
},
headers={
'Cookie': 'better-auth.session_token=YOUR_SESSION_TOKEN'
}
)
data = response.json()$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://app.rybbit.io/api/auth/api-key/delete");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'keyId' => 'key_8f3a1b2c4d5e6f7g'
]));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Cookie: better-auth.session_token=YOUR_SESSION_TOKEN',
'Content-Type: application/json'
]);
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);require 'net/http'
require 'json'
uri = URI("https://app.rybbit.io/api/auth/api-key/delete")
req = Net::HTTP::Post.new(uri)
req['Cookie'] = 'better-auth.session_token=YOUR_SESSION_TOKEN'
req['Content-Type'] = 'application/json'
req.body = {
keyId: 'key_8f3a1b2c4d5e6f7g'
}.to_json
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
data = JSON.parse(res.body)body := bytes.NewBuffer([]byte(`{
"keyId": "key_8f3a1b2c4d5e6f7g"
}`))
req, _ := http.NewRequest("POST", "https://app.rybbit.io/api/auth/api-key/delete", body)
req.Header.Set("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
var data map[string]interface{}
json.NewDecoder(resp.Body).Decode(&data)let client = reqwest::Client::new();
let res = client
.post("https://app.rybbit.io/api/auth/api-key/delete")
.header("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
.json(&serde_json::json!({
"keyId": "key_8f3a1b2c4d5e6f7g"
}))
.send()
.await?;
let data: serde_json::Value = res.json().await?;HttpClient client = HttpClient.newHttpClient();
String json = "{\"keyId\": \"key_8f3a1b2c4d5e6f7g\"}";
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://app.rybbit.io/api/auth/api-key/delete"))
.header("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(json))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());using var client = new HttpClient();
client.DefaultRequestHeaders.Add("Cookie", "better-auth.session_token=YOUR_SESSION_TOKEN");
var content = new StringContent(
"{\"keyId\": \"key_8f3a1b2c4d5e6f7g\"}",
Encoding.UTF8,
"application/json"
);
var response = await client.PostAsync("https://app.rybbit.io/api/auth/api-key/delete", content);
var data = await response.Content.ReadAsStringAsync();{
"success": true
}