Skip to main content
POST
/
api
/
v1
/
agents
/
:name
/
rotate-key
Rotate Agent Key
curl --request POST \
  --url https://api.example.com/api/v1/agents/:name/rotate-key
{
  "apiKey": "<string>"
}
Rotates the OTLP API key for a specific agent. The old key is deleted and a new key is generated.

Path Parameters

Response

apiKey
string
required
The new OTLP API key. Format: mnfst_ followed by 43 base64url characters.Important: This is the only time the full API key will be returned. Store it securely and update your agent configuration.

Example Request

curl -X POST https://api.manifest.build/api/v1/agents/my-agent/rotate-key \
  -H "Cookie: better-auth.session_token=YOUR_SESSION_TOKEN"

Example Response

{
  "apiKey": "mnfst_XYZ123ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg789"
}

Error Responses

404 Not Found

Returned when:
  • The agent doesn’t exist
  • The agent doesn’t belong to the authenticated user
{
  "statusCode": 404,
  "message": "Agent not found or access denied"
}

Notes

  • The old API key is immediately deleted and will no longer work for OTLP ingestion
  • All existing OTLP connections using the old key will be rejected after rotation
  • Update your agent’s configuration with the new key before rotating to avoid downtime
  • The new key has the same prefix format (mnfst_) as the old one
  • Key rotation is useful when:
    • A key has been compromised or exposed
    • You need to revoke access from a specific deployment
    • You’re implementing key rotation as a security best practice

Build docs developers (and LLMs) love

Get started for freeTalk to us