Update secret key expiration time

Updates the expiration time of a rotated secret key.

Requirements:

A paid plan
Secret key prefix must be in format sec-c-{5chars} (exactly 5 alphanumeric characters)
Requested secret key must already have an expiration date
New expiration must be at least 60 seconds in the future
New expiration must be at most 366 days in the future

Path Parameters
`keysetId` string — REQUIRED a string to be decoded into a number
`secretKeyPrefix` Secret Key Prefix — REQUIRED Possible values: Value must match regular expression `^sec-c-[a-zA-Z0-9]{5}$` prefix in format `sec-c-{5chars}`. Don't provide the full secret key. prefix in format `sec-c-{5chars}`. Don't provide the full secret key.

Header Parameters
`PubNub-Version` string — REQUIRED Possible values: [`2025-11-01`]

Request Body — REQUIRED
`expiresAt` date-time — REQUIRED Possible values: Value must match regular expression `^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?Z$` New expiration timestamp for the secret key in ISO 8601 UTC format (e.g., "2025-12-31T23:59:59Z"). Must be at least 60 seconds in the future and at most 366 days in the future. Must end with "Z" to indicate UTC timezone.

Responses

200

Success

Schema — OPTIONAL

secretKey object

secretKey string

The secret key value

expiresAt date-time

Possible values: Value must match regular expression ^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{3})?Z$

Expiration timestamp in ISO 8601 UTC format (e.g., "2025-12-31T23:59:59Z"). Null means the secret key never expires.

400

Bad Request Error

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`BadRequest`]
`message` string[]

401

UnauthorizedError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`Unauthorized`]
`message` string[]

403

ForbiddenError

Schema — OPTIONAL
undefined

404

NotFoundError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`NotFound`]
`message` string[]

500

InternalErrorError

Schema — OPTIONAL
`statusCode` number
`error` string Possible values: [`InternalError`]
`message` string[]

* required

PubNub-Version*

Type: string

Possible values: [2025-11-01]

* required

keysetId*

Type: string

secretKeyPrefix*

Type: string

prefix in format sec-c-{5chars}. Don't provide the full secret key.

* required

expiresAt*

Type: string

New expiration timestamp for the secret key in ISO 8601 UTC format (e.g., "2025-12-31T23:59:59Z"). Must be at least 60 seconds in the future and at most 366 days in the future. Must end with "Z" to indicate UTC timezone.

Pattern: ^\d{4}-\d{2}-\d{2}T\...Format: date-time

secretKey

Type: object

Example Response

{
  "secretKey": {
    "secretKey": "sec-c-xyz789",
    "expiresAt": "2026-01-31T23:59:59Z"
  }
}

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"BadRequest"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"Unauthorized"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"NotFound"

message

Type: array

Array items:

items

Type: string

statusCode

Type: number

error

Type: string

Enum (1 values)

View all values

"InternalError"

message

Type: array

Array items:

items

Type: string

Header Parameters

Path Parameters

Request Body

Responses