Rotate secret key

POST 
/v2/keysets/:keysetId/secret-keys

Rotates the keyset's secret key. Supports two rotation modes depending on whether an expiration time is provided:

Rotation with Overlap (paid plan required): When expiresAt is provided:

  1. The current permanent secret key is assigned the specified expiration time
  2. A new permanent (non-expiring) secret key becomes the current key and is returned in the response
  3. You may replace the previous secret key with the new one without downtime.

Requirements:

  • Requires a paid plan
  • Maximum 5 rotated secret keys per keyset
  • Expiration must be at least 60 seconds in the future
  • Expiration must be at most 366 days in the future

Immediate Rotation: When expiresAt is NOT provided:

  1. The current secret key is immediately replaced with a new randomly generated secret key
  2. The old secret key becomes invalid
  3. There is no overlap period. We recommend you use this in development and testing environments

Request

Example
{
  "secretKey": "string"
}
Example
{
  "statusCode": 0,
  "error": "BadRequest",
  "message": [
    "string"
  ]
}
Example
{
  "statusCode": 0,
  "error": "Unauthorized",
  "message": [
    "string"
  ]
}
Example
{
  "statusCode": 0,
  "error": "Forbidden",
  "message": [
    "string"
  ]
}
Example
{
  "statusCode": 0,
  "error": "NotFound",
  "message": [
    "string"
  ]
}
Example
{
  "statusCode": 0,
  "error": "InternalError",
  "message": [
    "string"
  ]
}