Skip to main content
POST
/
v2
/
orgs
/
{orgSlug}
/
api-keys
/
{keyId}
/
rotate
Rotate Org API Key
curl --request POST \
  --url https://api.studio.prisme.ai/v2/orgs/{orgSlug}/api-keys/{keyId}/rotate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "expiresAt": "2023-11-07T05:31:56Z"
}
'
{
  "id": "<string>",
  "slug": "<string>",
  "apiKey": "<string>",
  "name": "<string>",
  "permissions": [
    "<string>"
  ],
  "scopes": [
    "<string>"
  ],
  "ownerType": "<string>",
  "ownerId": "<string>",
  "expiresAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

orgSlug
string
required
keyId
string
required

Body

application/json
expiresAt
string<date-time>

Response

Key rotated. The new raw key is shown only once.

Returned on create/rotate — raw key shown only once

id
string

Internal role ID

slug
string

Unique slug identifying the API key within the org

apiKey
string

The raw API key (iak_{orgSlug}_{uuid}). Shown only once.

name
string
permissions
string[]

Array of permission strings. Convention: {product}:{resource}:{action} Wildcards: Use * at end only (e.g., orgs:* matches orgs:members:manage) Platform permissions: - orgs:* (full org access) - orgs:members:manage, orgs:roles:manage, orgs:manage - orgs:branding:manage, orgs:navigation:manage - orgs:subscriptions:view, orgs:subscriptions:manage - orgs:apikeys:manage, orgs:invites:manage, orgs:join-rules:manage - secure-chat:, store:, knowledge:, builder: - agent-builder:, analytics:view, platform-admin: Custom app permissions: {app-slug}:{resource}:{action} Example: my-crm:contacts:read, my-crm:deals:manage Super admin: ["*"] (matches everything)

scopes
string[]
ownerType
string

Owner type (e.g. agent, vector_stores). Force-prefixed by the runtime when minted via access-manager.

ownerId
string
expiresAt
string<date-time>