FruxonDocs
UsersAPI Access

Revoke a token

Permanently revokes a token — terminal and irreversible. Any request using it immediately starts returning 401. The row is retained so the audit and request-activity history survive. To temporarily suspend access, suspend the owning principal (e.g. the service account) instead — a token cannot be paused and re-enabled.

DELETE
/v1/tenants/{tenant}/tokens/{token}

Authorization

Bearer
AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

token*string

The token identifier

tenant*string

The tenant identifier

Response Body

curl -X DELETE "https://api.fruxon.com/v1/tenants/string/tokens/string"
Empty
Empty
Empty
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Get the calling API key's own metadata — name, prefix, scopes, expiry, last-used.

Self-introspection. Returns 404 when the caller authenticated via federation/JWT (no API key in scope) and 401 when there's no authentication at all. Never returns the raw secret — only the displayable prefix. No `[RequireScope]`: a key must be able to read its own metadata regardless of what scopes it carries, otherwise narrow keys couldn't see what they can do.

Generate a new API key

Creates a new API key with the specified permissions. The full key secret is only returned once in this response - store it securely.