> ## Documentation Index
> Fetch the complete documentation index at: https://ownpay.org/docs/llms.txt
> Use this file to discover all available pages before exploring further.

> ## Agent Instructions
> OwnPay is licensed under AGPL-3.0 and is completely free - no licensing fees.
> Production docs URL: https://ownpay.org/docs - append .md to any page URL for clean markdown.
> OwnPay requires PHP 8.3+, MySQL/MariaDB, and Redis.
> MCP server available at https://ownpay.org/docs/mcp for programmatic documentation queries.
> Use root-relative links (e.g. /quickstart) for internal navigation - do NOT include /docs prefix.
> Plugin development: consult /developer/plugin-types/ pages for correct interfaces and manifests.

# Revoke API Key

> Revokes an API key, rendering it immediately inactive.
**Requires special admin authorization**: API key must possess `write` and `admin` scopes, and the `X-Super-Admin-Email` header
must identify an active superadmin.




## OpenAPI

````yaml /api/merchant_api.yaml delete /api-keys/{id}
openapi: 3.1.0
info:
  title: OwnPay Merchant API
  description: >
    The OwnPay Merchant API enables merchants to programmatically interface with
    their white-labeled payment gateway.

    It exposes endpoints to initiate payments (creating payment intents), query
    transaction statuses, issue full or partial refunds, manage customer
    profiles securely in compliance with GDPR and OWASP, generate and revoke API
    keys, and test/audit webhook delivery attempts.


    ### Authentication

    Authentication is performed via HTTP Bearer token in the `Authorization`
    header.

    ```http

    Authorization: Bearer your_api_key_here

    ```

    API keys carry specific privilege scopes (e.g., `read`, `write`, `admin`).

    Some administrative operations (like listing/generating API keys) require
    **both** `write` and `admin` scopes, as well as passing a valid platform
    super-administrator's email address in the `X-Super-Admin-Email` header for
    safety.
  version: 1.0.0
servers:
  - url: https://{brand_domain}/api/v1
    description: Sandbox or Production white-labeled brand gateway API server.
    variables:
      brand_domain:
        default: ownpay.org
        description: The custom domain configured for your white-labeled brand.
security:
  - BearerAuth: []
paths:
  /api-keys/{id}:
    delete:
      summary: Revoke API Key
      description: >
        Revokes an API key, rendering it immediately inactive.

        **Requires special admin authorization**: API key must possess `write`
        and `admin` scopes, and the `X-Super-Admin-Email` header

        must identify an active superadmin.
      operationId: revokeApiKey
      parameters:
        - name: X-Super-Admin-Email
          in: header
          required: true
          description: Email of an active platform super-administrator.
          schema:
            type: string
        - name: id
          in: path
          required: true
          description: The integer ID of the API key to revoke.
          schema:
            type: integer
      responses:
        '200':
          description: Key revoked successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MessageResponse'
        '400':
          description: Revocation failed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiSingleErrorResponse'
        '404':
          description: API key not found or belongs to another merchant.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiSingleErrorResponse'
components:
  schemas:
    MessageResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        data:
          type: object
          properties:
            message:
              type: string
              example: Key revoked
    ApiSingleErrorResponse:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          type: string
          example: Payment not found
        errors:
          type: array
          items:
            type: object
            properties:
              code:
                type: string
                example: PAYMENT_NOT_FOUND
              message:
                type: string
                example: Payment not found
              field:
                type: string
                nullable: true
                example: null
        request_id:
          type: string
          example: 8f5a2e9b0c7d4e5f
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: Provide the Bearer API Key generated for your brand.

````

## Related topics

- [Laravel SDK - Fluent Payment Integration for PHP Apps](/docs/developer/integration/laravel.md)
- [Generate API Key](/docs/api-reference/generate-api-key.md)
- [List API Keys](/docs/api-reference/list-api-keys.md)
- [Developer Quickstart - Build Your First Payment Integration](/docs/developer/quickstart.md)
- [Developer Hub - API Keys, Webhooks, and Rate Limits](/docs/user-guide/developers/developer-hub.md)
