DELETE /api/keys/[id]
Revoke a CLI API key you own. A key owned by someone else, or an unknown id, returns 404 — no existence leak.
This backs the web Settings → API keys → revoke action.
Revokes a CLI API key, but only if it belongs to the authenticated user. A key owned by someone else (or a non-existent id) returns 404, so the existence of another user’s keys is never revealed. Ownership is enforced twice — an explicit referenceId check, then Better Auth’s own server-side check.
Endpoint
DELETE https://scripto.codika.io/api/keys/{id}
Auth
Session (web).
Response (200)
{ "success": true, "data": { "id": "key_…", "revoked": true } }
Errors
| HTTP | code | Cause |
|---|---|---|
| 400 | invalid-argument | Missing key id. |
| 401 | unauthenticated | Not signed in. |
| 404 | not-found | No such key, or you don’t own it. |
| 500 | internal | Backend error. |
Revocation is immediate; the revoked key fails its next request with unauthenticated.
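An added example, not the service's or Better Auth's own code, of the rule described above: an unknown id and a key owned by another user get the same 404 response, and a revoked key fails its next request. The in-memory `keys` store, the `revokeKey` and `authenticateKey` functions, the error body shape and the order of the checks are assumptions made for illustration.

```javascript
// Constructed sample data: two keys owned by different users.
// `referenceId` holds the owning user's id, as in the ownership check above.
const keys = new Map([
  ["key_alice1", { referenceId: "user_alice", revoked: false }],
  ["key_bob1", { referenceId: "user_bob", revoked: false }],
]);

// Assumed error body shape; the page documents only the HTTP status and code.
const fail = (status, code) => ({ status, body: { success: false, code } });

// Hypothetical handler for DELETE /api/keys/{id}.
// session: { userId } for a signed-in user, or null; id: the path parameter.
function revokeKey(session, id) {
  if (!session) return fail(401, "unauthenticated");
  if (typeof id !== "string" || id === "") return fail(400, "invalid-argument");
  try {
    const key = keys.get(id);
    // Unknown id and someone else's key take the same branch and return
    // the same response, so the caller cannot tell the two cases apart.
    if (!key || key.referenceId !== session.userId) return fail(404, "not-found");
    key.revoked = true; // takes effect for the very next request
    return { status: 200, body: { success: true, data: { id, revoked: true } } };
  } catch {
    return fail(500, "internal");
  }
}

// Hypothetical check run on each CLI request that presents a key.
function authenticateKey(id) {
  const key = keys.get(id);
  if (!key || key.revoked) return fail(401, "unauthenticated");
  return { status: 200, userId: key.referenceId };
}
```

A regression test for this endpoint should compare the full response for a foreign key against the response for a random id, not only the status code, since any difference in the response is an existence oracle.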
Next
- API keys — the key policy.