updateKey with enabled: false instead of deletion.
Required permissions:
Your root key must have one of the following permissions:
api.*.delete_key(to delete keys in any API)api.<api_id>.delete_key(to delete keys in a specific API)
See the API reference for the full HTTP endpoint documentation.
Usage
Flags
Specifies which key to delete using the database identifier returned from
createKey. Do not confuse this with the actual API key string that users include in requests. Deletion immediately invalidates the key, causing all future verification attempts to fail with code=NOT_FOUND. Key deletion triggers cache invalidation across all regions but may take up to 30 seconds to fully propagate.Controls deletion behavior between recoverable soft-deletion and irreversible permanent erasure. Soft deletion (default) preserves key data for potential recovery through direct database operations. Permanent deletion completely removes all traces including hash values and metadata with no recovery option.Use permanent deletion only for regulatory compliance (GDPR), resolving hash collisions, or when reusing identical key strings. Permanent deletion cannot be undone and may affect analytics data that references the deleted key. Most applications should use soft deletion to maintain audit trails and prevent accidental data loss.
Global Flags
| Flag | Type | Description |
|---|---|---|
--root-key | string | Override root key ($UNKEY_ROOT_KEY) |
--api-url | string | Override API base URL (default: https://api.unkey.com) |
--config | string | Path to config file (default: ~/.unkey/config.toml) |
--output | string | Output format — use json for raw JSON |
Examples
Output
Default output shows the request ID with latency:--output=json, the full response envelope is returned: