FruxonDocs
UsersAPI Access

Rotate a service account's credential.

Mints a fresh API key for the service account and revokes its other active keys. Zero-downtime — the new key is live before the old ones are retired. The new key's plaintext secret is returned once.

POST
/v1/tenants/{tenant}/serviceAccounts/{serviceAccount}:rotate

Authorization

Bearer
AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

serviceAccount*string

The unique identifier of the service account.

tenant*string

The tenant identifier

Query Parameters

keyExpirationDays?integer

Optional expiry, in days, for the new key. Omit for a key that never expires.

Formatint32

Response Body

curl -X POST "https://api.fruxon.com/v1/tenants/string/serviceAccounts/string:rotate"
{
  "id": "string",
  "name": "string",
  "token": "string",
  "keyPrefix": "string",
  "scopes": [
    "string"
  ],
  "createdAt": 0,
  "expiresAt": 0,
  "type": "USER",
  "createdBy": "string"
}
Empty
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Provision a service account.

Creates a new workload principal with the requested scope grant and mints its first API key. The key's plaintext secret is returned once in the response and never again — capture it now. Provisioning is an administrative action; gate access with the `keys:write` scope.

List all API keys

Returns all API keys for the current organization. Key secrets are masked and only shown once at creation time.