Skip to main content
POST
/
v1
/
developer
/
keys
/
{id}
/
rotate
RotateApiKey
curl --request POST \
  --url https://sdk.anghami.com/v1/developer/keys/{id}/rotate \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id": "<string>"
}
'
{
  "apiKey": {
    "id": "<string>",
    "name": "<string>",
    "keyPrefix": "<string>",
    "status": "API_KEY_STATUS_UNSPECIFIED",
    "scopes": [
      "<string>"
    ],
    "createdAt": "<string>",
    "lastUsedAt": "<string>",
    "expiresAt": "<string>"
  },
  "secret": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.sdk.anghami.com/llms.txt

Use this file to discover all available pages before exploring further.

Headers

Authorization
string
required

OAuth 2.0 Bearer token. Required for all key management operations. Format: Bearer <access_token>.

Example:

"Bearer eyJhbGciOiJSUzI1NiIs..."

Path Parameters

id
string
required

Unique identifier of the API key to rotate.

Body

application/json

RotateApiKeyRequest is the request message for rotating an API key's secret. A new secret is generated while the old key remains valid for a server-defined grace period.

id
string
required

Unique identifier of the API key to rotate.

Response

Successful response

RotateApiKeyResponse is the response message containing the rotated API key and new secret. This is the only time the new secret is returned — store it securely.

apiKey
object

ApiKey represents a developer API key used for server-to-server authentication. API keys are passed in the x-api-key HTTP header and are billed per key. The full secret is only returned on creation and rotation.

secret
string

The new full API key secret. This replaces the previous x-api-key value. The old key remains valid for a server-defined grace period.