> ## Documentation Index > Fetch the complete documentation index at: https://docs.sdk.anghami.com/llms.txt > Use this file to discover all available pages before exploring further. # RevokeApiKey > RevokeApiKey permanently deactivates an API key. Once revoked, the key can no longer be used for authentication. This action is irreversible. ## OpenAPI ````yaml /api/anghami-sdk.openapi.yaml post /v1/developer/keys/{id}/revoke openapi: 3.1.0 info: title: Anghami + OSN+ SDK description: >- Unified OpenAPI bundle covering all Anghami + OSN+ SDK services (music + video streaming). contact: name: Anghami Developer Platform email: developers@anghami.com version: 1.0.0 servers: - url: https://sdk.anghami.com security: [] paths: /v1/developer/keys/{id}/revoke: post: tags: - DeveloperService summary: RevokeApiKey description: |- RevokeApiKey permanently deactivates an API key. Once revoked, the key can no longer be used for authentication. This action is irreversible. operationId: RevokeApiKey parameters: - name: Authorization in: header description: >- OAuth 2.0 Bearer token. Required for all key management operations. Format: Bearer . required: true schema: type: string example: Bearer eyJhbGciOiJSUzI1NiIs... - name: id in: path description: Unique identifier of the API key to revoke. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/sdk_developer_v1_RevokeApiKeyRequest' required: true responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/sdk_developer_v1_RevokeApiKeyResponse' '400': description: Validation error content: application/json: schema: $ref: '#/components/schemas/ValidationError' default: description: Error response content: application/json: schema: $ref: '#/components/schemas/Error' components: schemas: sdk_developer_v1_RevokeApiKeyRequest: type: object properties: id: type: string description: Unique identifier of the API key to revoke. required: - id description: >- RevokeApiKeyRequest is the request message for permanently revoking an API key. Once revoked, the key can no longer be used for authentication. sdk_developer_v1_RevokeApiKeyResponse: type: object properties: apiKey: $ref: '#/components/schemas/sdk_developer_v1_ApiKey' description: >- RevokeApiKeyResponse is the response message confirming the key has been revoked. ValidationError: type: object properties: violations: type: array items: $ref: '#/components/schemas/FieldViolation' description: List of validation violations required: - violations description: >- ValidationError is returned when request validation fails. It contains a list of field violations describing what went wrong. Error: type: object properties: message: type: string description: Error message (e.g., 'user not found', 'database connection failed') description: >- Error is returned when a handler encounters an error. It contains a simple error message that the developer can customize. sdk_developer_v1_ApiKey: type: object properties: id: type: string description: Unique identifier for the API key. name: type: string description: >- Developer-assigned label for identification (e.g. "Production", "Staging"). keyPrefix: type: string description: |- Visible prefix for identification (e.g. "ang_live_abc"). The full key is never returned after initial creation. status: type: string enum: - API_KEY_STATUS_UNSPECIFIED - API_KEY_STATUS_ACTIVE - API_KEY_STATUS_REVOKED description: ApiKeyStatus represents the lifecycle state of an API key. scopes: type: array items: type: string description: >- Granted permission scopes for this key. Valid values: "read", "stream". createdAt: type: string description: ISO 8601 timestamp of when the key was created. lastUsedAt: type: string description: |- ISO 8601 timestamp of when the key was last used for authentication. Empty if the key has never been used. expiresAt: type: string description: |- ISO 8601 timestamp of when the key expires. Empty if the key does not expire. description: >- ApiKey represents a developer API key used for server-to-server authentication. API keys are passed in the x-api-key HTTP header and are billed per key. The full secret is only returned on creation and rotation. FieldViolation: type: object properties: field: type: string description: >- The field path that failed validation (e.g., 'user.email' for nested fields). For header validation, this will be the header name (e.g., 'X-API-Key') description: type: string description: >- Human-readable description of the validation violation (e.g., 'must be a valid email address', 'required field missing') required: - field - description description: FieldViolation describes a single validation error for a specific field. ````