Rotate a managed Cart API key
Rotates the managed RevKeen Cart publishable or secret key. The new key value is returned once; previous keys remain valid for the requested grace window.
Related endpoints
GET /cart-api-keys/status— Get managed Cart API key statusPOST /cart-api-keys/ensure— Ensure managed Cart API keys exist
Common errors
400 invalid_request— malformed payload or failed validation.401 unauthenticated— missing, malformed, or revoked API key.403 permission_denied— key lacks the required scope, or the resource belongs to a different merchant.
Idempotency
Pass an Idempotency-Key header (UUID v4 recommended) to make retries safe. Keys are valid for 24 hours; see the idempotency guide.
x-api-key<token>
Your RevKeen API key (powered by Unkey). Get it from Dashboard > Settings > API Keys. Use rk_sandbox_* for test mode and rk_live_* for production.
In: header
Path Parameters
kind*string
Value in
"publishable" | "secret"Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
Stuck on an error response? Ask the RevKeen assistant to explain it.
curl -X POST "https://api.revkeen.com/v2/cart-api-keys/publishable/rotate" \
-H "x-api-key: $REVKEEN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"grace_hours": 24
}'{
"success": true,
"data": {
"api_key": "string",
"id": "string",
"unkey_key_id": "string",
"key_kind": "publishable",
"rolled_from": "string",
"old_key_expires_at": "string",
"grace_hours": 0
}
}{
"error": "string"
}{
"error": "string"
}{
"error": "string"
}