Skip to main content
POST
/
v1
/
organizations
/
users
/
{user_email}
/
api-keys
/
{key_name}
/
rotate
Rotate Api Key
curl --request POST \
  --url https://api.mixpeek.com/v1/organizations/users/{user_email}/api-keys/{key_name}/rotate \
  --header 'Authorization: Bearer <token>'
{
  "created_at": "2025-01-01T00:00:00Z",
  "created_by": "usr_admin",
  "description": "Service account for ingestion",
  "internal_id": "int_x1y2z3",
  "key_hash": "2c26b46b68ffc68ff99b453c1d304134",
  "key_id": "key_a1b2c3d4e5f6g7h",
  "key_prefix": "sk_abc123...",
  "name": "backend-service",
  "organization_id": "org_demo123",
  "permissions": [
    "read",
    "write"
  ],
  "scopes": [],
  "status": "active",
  "user_id": "usr_a1b2c3d4e5f6g7h"
}

Authorizations

​
Authorization
string
header
required

Bearer token authentication using your API key. Format: 'Bearer your_api_key'. To get an API key, create an account at mixpeek.com/start and generate a key in your account settings.

Headers

​
Authorization
string
required

REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.

Examples:

"Bearer sk_live_abc123def456"

"Bearer sk_test_xyz789"

Path Parameters

​
user_email
string
required
​
key_name
string
required

Response

Successful Response

API key response including the plaintext secret.

​
key_hash
string
required

SHA-256 hash of the plaintext key.

​
internal_id
string
required

Organization internal identifier.

​
user_id
string
required

Identifier of the user who owns the key.

​
name
string
required

Human-friendly key label.

​
key
string
required
​
key_id
string

Public identifier for the API key.

​
key_prefix
string | null

Visible prefix of the API key for user identification (e.g., 'sk_abc123...'). Shows the first 10 characters of the plaintext key to help users identify which key is which in lists, without exposing the full secret. This follows industry best practices from GitHub, Stripe, and AWS. Generated automatically for new keys. Older keys may not have this field.

Required string length: 10 - 13
Examples:

"sk_abc123..."

"sk_xyz789..."

​
organization_id
string | null

Organization public identifier (denormalized).

​
description
string
default:""

Optional description explaining the key usage.

​
permissions
enum<string>[]

Permissions granted to the key (least privilege recommended).

​
scopes
ResourceScope Β· object[]

Resource-level scopes restricting the key.

​
rate_limit_override
integer | null

Optional per-key rate limit override in requests per minute.

​
status
enum<string>

Lifecycle status of the key (active, revoked, expired).

Available options:
active,
revoked,
expired
​
expires_at
string<date-time> | null

UTC timestamp when the key automatically expires.

​
last_used_at
string<date-time> | null

UTC timestamp of the last successful request using the key.

​
created_at
string<date-time>

UTC timestamp when the key was created.

​
created_by
string | null

User identifier that created the key.

​
revoked_at
string<date-time> | null

UTC timestamp when the key was revoked (if applicable).

​
revoked_by
string | null

User identifier that revoked the key (if applicable).