Rotate an API key
Mints a replacement key that inherits the original's scopes, name, and type by default, then revokes the original. Pass optional overrides in the request body to narrow / widen scopes, rename the key, or change its lifetime in the same call — fields you omit inherit from the original. The full key secret of the new key is only returned once in this response — store it securely and update wherever the old key was wired.
Authorization
Bearer JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
The API key identifier to rotate
The tenant identifier
The authentication or validation token
Optional overrides for the replacement key. Empty body is valid and means "no changes other than the secret."
New display name. Omit to keep the original key's name (the common case — rotation preserves the name so consumers recognise their key after rotation).
Number of days the replacement is valid for. Omit to renew
for the same window the original carried; pass an integer to
pick a different lifetime; pass null on the wire (via
JSON) to make it non-expiring.
int32Explicit scope list to grant the replacement. Combined (unioned) with the expansion of Fruxon.Model.Tokens.RotateTokenRequest.Preset when both are supplied — same rules as the mint endpoint. Omit (null or empty array) to keep the original key's scopes.
Named preset to expand into a scope list. One of runner,
builder, read-only, admin. Omit to keep
the original key's scopes.
Response Body
curl -X POST "https://api.fruxon.com/v1/tenants/string/tokens/string:rotate" \ -H "Content-Type: application/json" \ -d '{}'{
"id": "string",
"name": "string",
"token": "string",
"keyPrefix": "string",
"scopes": [
"string"
],
"createdAt": 0,
"expiresAt": 0,
"type": "USER",
"createdBy": "string"
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}