Skip to main content
DELETE
Revoke an API key

What this endpoint does

Revokes an API key so it can no longer authenticate new requests.

When to use it

Revoke a key when an integration is retired, compromised, or replaced.

Before you call

Use API-key administration access and pass a key ID owned by the same tenant account. Ensure another administrator key remains available.

Money and balance effect

This changes a resource or configuration but does not directly reserve, debit, credit, or settle wallet money.

States and completion

Revocation is the terminal key state. It does not cancel money operations already accepted.

Safe retries

DELETE does not use an Idempotency-Key. If the response is lost, list the key first. An already revoked or absent key means there is no active credential left to revoke. Read API keys for the complete workflow.

Authorizations

Authorization
string
header
required

Send the same Wayex API key as Authorization: Bearer <key>.

Path Parameters

id
string
required

Response

The revoked key.

id
string
required
Minimum string length: 1
counterpartyId
string
required
Minimum string length: 1
kind
enum<string>
required
Available options:
secret,
publishable
name
string
required
Minimum string length: 1
maskedKey
string
required
Minimum string length: 1
lastFour
string
required
status
enum<string>
required
Available options:
active,
revoked
createdAt
string<date-time>
required
revokedAt
string<date-time>
rotatedToId
string
Minimum string length: 1
scopes
enum<string>[]
Available options:
customers:read,
customers:write,
routes:read,
routes:write,
transfers:read,
transfers:write,
treasury:read,
treasury:write,
rates:read,
webhooks:read,
webhooks:write,
fees:read,
fees:write,
keys:read,
keys:write,
settings:read,
settings:write,
admin:read,
admin:write
allowedIps
string[]
Required string length: 1 - 49
Pattern: ^[0-9a-fA-F:.]+(\/\d{1,3})?$