Soft-revoke the agent’s active API key.
Idempotent: calling DELETE on an agent with no active key still
returns HTTP 200 with revoked=false. This lets clients call
DELETE blindly without first checking whether a key exists.
Args:
agent_id: Path parameter.
current_user: Resolved from JWT.
db: SQLAlchemy session.
Returns:
:class:APIKeyRevokeResponse with:
revoked=true, revoked_at=<now> if an active key was just revoked.
revoked=false, revoked_at=null if no active key existed.
Raises:
HTTPException 401: missing or invalid JWT.
HTTPException 404: agent missing / not owned.
Notes:
Revoked rows stay in the table forever (we only flip revoked_at).
The audit trail of “when was a key created and when was it
revoked” is the entire point of soft-delete here; hard-deleting
would also lose the ability to answer “is this old hash one
we issued?” during incident response.
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Successful Response
Response model for DELETE /api/agents/{agent_id}/api-key.
The endpoint is idempotent and always returns HTTP 200 when the
caller owns the agent. revoked distinguishes the two cases:
True: there was an active key and this call flipped its
revoked_at to now.
False: no active key existed; the call was a safe no-op.
revoked_at is None in this case.
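The soft-revoke behaviour and the incident-response lookup described above, as an added example that is not the project's own code: it uses the standard-library sqlite3 module instead of SQLAlchemy, and the table name, column names, function names and SHA-256 hashing are assumptions. The JWT and ownership checks (401/404) are left out.

```python
import hashlib
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: one row per issued key; only the key's hash is stored.
SCHEMA = """
CREATE TABLE agent_api_keys (
    agent_id   TEXT NOT NULL,
    key_hash   TEXT NOT NULL UNIQUE,
    created_at TEXT NOT NULL,
    revoked_at TEXT  -- NULL means the key is still active
)"""

def now_iso():
    return datetime.now(timezone.utc).isoformat()

def hash_key(raw_key):
    # SHA-256 is an assumption; the page does not name the hash function.
    return hashlib.sha256(raw_key.encode()).hexdigest()

def issue_key(db, agent_id, raw_key):
    db.execute(
        "INSERT INTO agent_api_keys (agent_id, key_hash, created_at) VALUES (?, ?, ?)",
        (agent_id, hash_key(raw_key), now_iso()))

def revoke_active_key(db, agent_id):
    """Soft-revoke: set revoked_at on the active row, never delete it."""
    now = now_iso()
    # A single conditional UPDATE: a repeated call matches no row and is a no-op.
    cur = db.execute(
        "UPDATE agent_api_keys SET revoked_at = ? "
        "WHERE agent_id = ? AND revoked_at IS NULL", (now, agent_id))
    if cur.rowcount == 0:
        return {"revoked": False, "revoked_at": None}
    return {"revoked": True, "revoked_at": now}

def lookup_hash(db, key_hash):
    """Incident-response query: did we issue this hash, and when was it revoked?"""
    row = db.execute(
        "SELECT agent_id, created_at, revoked_at FROM agent_api_keys WHERE key_hash = ?",
        (key_hash,)).fetchone()
    return None if row is None else dict(zip(("agent_id", "created_at", "revoked_at"), row))

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    issue_key(db, "agent-1", "constructed-sample-key")  # constructed sample value
    first = revoke_active_key(db, "agent-1")    # active key exists
    second = revoke_active_key(db, "agent-1")   # nothing left to revoke
    return first, second, lookup_hash(db, hash_key("constructed-sample-key"))
```

Because the row survives revocation, `lookup_hash` still resolves the old hash to its agent and timestamps; a hard delete would make that query return nothing.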