> ## Documentation Index
> Fetch the complete documentation index at: https://docs.usetapp.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate API Key

> Issue a fresh API key and invalidate the old one.

Rotates your API key. Authenticate this request with your **current** key; the
old key is invalidated immediately and the response returns the new one.

<Warning>
  After rotating, use the returned `api_key_id` as your `API-Key` header. The
  previous key stops working right away — update your integration before the next
  request. Store the `secret` securely; it's used to verify webhook signatures.
</Warning>

### Header Parameters

<ParamField header="API-Key" type="string" required>
  Your current API key.
</ParamField>

### Response

<ResponseField name="status" type="string">Response state (`success`).</ResponseField>

<ResponseField name="data" type="object">
  <ResponseField name="api_key_id" type="string">
    The new key — use it as your `API-Key` header.
  </ResponseField>

  <ResponseField name="secret" type="string">
    The new webhook HMAC signing secret.
  </ResponseField>
</ResponseField>

<ResponseExample>
  ```json Response (200 OK) theme={null}
  {
    "status": "success",
    "message": "API key rotated",
    "data": {
      "api_key_id": "9f1c2d3e-4a5b-6c7d-8e9f-0a1b2c3d4e5f",
      "secret": "sk_live_…"
    }
  }
  ```
</ResponseExample>
