---
title: DELETE /api/keys/[id]
description: Revoke a CLI API key you own. A key owned by someone else, or an unknown id, returns 404 — no existence leak.
---

<Note>

This backs the web **Settings → API keys → revoke** action.

</Note>

Revokes a CLI API key, but only if it belongs to the authenticated user. A key owned by someone else (or a non-existent id) returns **404**, so the existence of another user's keys is never revealed. Ownership is enforced twice — an explicit `referenceId` check, then Better Auth's own server-side check.

## Endpoint

```text
DELETE https://scripto.codika.io/api/keys/{id}
```

## Auth

Session (web).

## Response (200)

```json
{ "success": true, "data": { "id": "key_…", "revoked": true } }
```

## Errors

| HTTP | `code` | Cause |
|---|---|---|
| 400 | `invalid-argument` | Missing key id. |
| 401 | `unauthenticated` | Not signed in. |
| 404 | `not-found` | No such key, or you don't own it. |
| 500 | `internal` | Backend error. |

Revocation is immediate; the revoked key fails its next request with `unauthenticated`.
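
The sketch below is an added example, not Scripto's or Better Auth's code: it models the ownership rule and error table above against an in-memory store, showing that an unknown id and another user's key produce the same 404. The store, function names, error body shape and the order of the 401/400 checks are assumptions, and the second check performed by Better Auth is not modelled.

```javascript
// Added illustration: in-memory model of the revoke rule. The Map stands in
// for the key store; it is NOT Better Auth's API. All names are hypothetical.
const keys = new Map([
  // constructed sample data
  ["key_alice1", { referenceId: "user_alice", revoked: false }],
  ["key_bob1", { referenceId: "user_bob", revoked: false }],
]);

// Assumed error body shape; the page only documents the `code` values.
const fail = (status, code) => ({ status, body: { success: false, code } });

// Models DELETE /api/keys/{id}. `session` is null when not signed in.
function revokeKey(session, id) {
  if (!session) return fail(401, "unauthenticated");
  if (!id) return fail(400, "invalid-argument");
  const key = keys.get(id);
  // Unknown id and foreign key take the same branch and produce the same
  // response, so the caller cannot tell "exists but not yours" from "absent".
  if (!key || key.referenceId !== session.userId) return fail(404, "not-found");
  key.revoked = true;
  return { status: 200, body: { success: true, data: { id, revoked: true } } };
}

// Models any later request that presents the key as a credential.
function authenticateWithKey(id) {
  const key = keys.get(id);
  if (!key || key.revoked) return fail(401, "unauthenticated");
  return { status: 200, body: { success: true } };
}
```

A regression test for the real endpoint can make the same comparison: the full response for a key owned by a second test user should equal the response for a random id.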

## Next

- **[API keys](/concepts/api-keys)** — the key policy.
