DELETE/v1/api_tokens/{id}
api_tokens.delete
Soft-deletes (revokes) the token. Subsequent requests using the revoked token receive 401. The row is retained for forensic audit (the unique-prefix constraint also blocks an attacker from re-registering a revoked prefix). The current request succeeds even if the caller is revoking the token they're using right now — the very next request 401s.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | required | API token id, e.g. `tok_<32 hex chars>`. |
| Idempotency-Key | string | optional | Optional client-supplied key for at-most-once semantics. The first request with a given key is processed; subsequent requests with the same key replay the cached response for 24h. |
Response
No parameters.
Examples
curl -sS -X DELETE \
-H "Authorization: Bearer $CULPRIT_API_TOKEN" \
https://api.theculprit.ai/v1/api_tokens/{id}Try it
Stored locally in your browser at localStorage.docs.tryit.token. Never sent to Culprit's analytics. Use a read-only token.