Roll website key

PUT https://datafa.st/api/v1/admin/websites/{websiteId}/apikeys/{apiKeyId}

Regenerate a df_ website API key, invalidating the old value. The new full key is returned once.

Use this to rotate compromised keys without creating a new key record.

Request

Path parameters

websiteId

string

Website ObjectId. From List websites (_id field). Example: 665f0b3c4d2e1a0012345678.

apiKeyId

string

Website API key ObjectId from List website keys.

Response

Returns a JSON object with status: "success" and endpoint-specific fields in data.

Response fields

data[]._id

string

Website API key ObjectId.

data[].name

string|null

Human-readable name for the resource or event. The exact meaning depends on the endpoint.

data[].displayKey

string

Masked key shown in the dashboard.

data[].websiteId

string

Website ObjectId used by account tokens to choose which website to query or manage.

data[].lastUsedAt

string|null

Last usage timestamp.

data[].createdAt

string

Creation timestamp.

data[].key

string

Only returned when creating or rolling a key. Full raw key shown once.

Authentication

Use a dft_ account token with api-keys:write.

A df_ website API key for the same website can also call this route when the path websiteId matches the key's website. Write access with a df_ key is capped at member level — owner-only actions such as team management require a dft_ token and owner role.

Errors

See API errors for the standard error envelope, auth failures, validation errors, permission errors, and rate limits.

✍️ Something missing? Suggest features.

🤖 AI agent or LLM? Read this page as markdown

{ "status": "success", "data": [{ "_id": "665f0b3c4d2e1a0012345678", "name": "Production key", "displayKey": "df_ab12...xyz9", "websiteId": "665f0b3c4d2e1a0012345678", "key": "df_full_key_shown_once" }] }