RevKeenDocs

Rotate a managed Cart API key

Rotates the managed RevKeen Cart publishable or secret key. The new key value is returned once; previous keys remain valid for the requested grace window.


Related endpoints

  • GET /cart-api-keys/status — Get managed Cart API key status
  • POST /cart-api-keys/ensure — Ensure managed Cart API keys exist

Common errors

  • 400 invalid_request — malformed payload or failed validation.
  • 401 unauthenticated — missing, malformed, or revoked API key.
  • 403 permission_denied — key lacks the required scope, or the resource belongs to a different merchant.

Idempotency

Pass an Idempotency-Key header (UUID v4 recommended) to make retries safe. Keys are valid for 24 hours; see the idempotency guide.

POST
/cart-api-keys/{kind}/rotate
x-api-key<token>

Your RevKeen API key (powered by Unkey). Get it from Dashboard > Settings > API Keys. Use rk_sandbox_* for test mode and rk_live_* for production.

In: header

Path Parameters

kind*string
Value in"publishable" | "secret"

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

Stuck on an error response? Ask the RevKeen assistant to explain it.
curl -X POST "https://api.revkeen.com/v2/cart-api-keys/publishable/rotate" \
  -H "x-api-key: $REVKEEN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "grace_hours": 24
  }'
{
  "success": true,
  "data": {
    "api_key": "string",
    "id": "string",
    "unkey_key_id": "string",
    "key_kind": "publishable",
    "rolled_from": "string",
    "old_key_expires_at": "string",
    "grace_hours": 0
  }
}
{
  "error": "string"
}
{
  "error": "string"
}
{
  "error": "string"
}