Skip to main content
Delete API keys permanently from user accounts or for cleanup purposes. Use this for user-requested key deletion, account deletion workflows, or cleaning up unused keys. Keys are immediately invalidated. Two modes: soft delete (default, preserves audit records) and permanent delete. Important: For temporary access control, use updateKey with enabled: false instead of deletion.

Required Permissions

Your root key must have one of the following permissions:
  • api.*.delete_key (to delete keys in any API)
  • api.<api_id>.delete_key (to delete keys in a specific API)

Request

keyId
string
required
Specifies which key to delete using the database identifier returned from createKey. Do not confuse this with the actual API key string that users include in requests.Deletion immediately invalidates the key, causing all future verification attempts to fail with code=NOT_FOUND. Key deletion triggers cache invalidation across all regions but may take up to 30 seconds to fully propagate.Pattern: ^[a-zA-Z0-9_]+$Example: key_2cGKbMxRyIzhCxo1Idjz8q
permanent
boolean
default:"false"
Controls deletion behavior between recoverable soft-deletion and irreversible permanent erasure.
  • Soft deletion (default): Preserves key data for potential recovery through direct database operations.
  • Permanent deletion: Completely removes all traces including hash values and metadata with no recovery option.
Use permanent deletion only for regulatory compliance (GDPR), resolving hash collisions, or when reusing identical key strings. Permanent deletion cannot be undone and may affect analytics data that references the deleted key.Most applications should use soft deletion to maintain audit trails and prevent accidental data loss.

Response

The response contains an empty data object on success.
data
object
Empty object indicating successful deletion.

Examples

curl -X POST https://api.unkey.com/v2/keys.deleteKey \
  -H "Authorization: Bearer <UNKEY_ROOT_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "keyId": "key_1234abcd"
  }'

Permanent Deletion

curl -X POST https://api.unkey.com/v2/keys.deleteKey \
  -H "Authorization: Bearer <UNKEY_ROOT_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "keyId": "key_9876wxyz",
    "permanent": true
  }'

Response Example

{
  "meta": {
    "requestId": "req_user_delete_1234"
  },
  "data": {}
}

Use Cases

User-Requested Deletion

Delete key when user clicks “Delete” in your dashboard: 
await unkey.keys.delete({ keyId: "key_1234abcd" });

Account Deletion

Remove keys during complete account deletion workflow: 
await unkey.keys.delete({ 
  keyId: "key_5678efgh",
  permanent: false // Keep audit trail
});

GDPR Compliance

Permanently remove key for regulatory compliance: 
await unkey.keys.delete({ 
  keyId: "key_9876wxyz",
  permanent: true // Complete erasure
});

Key Rotation

Remove old key after successful rotation: 
// Create new key first
const newKey = await unkey.keys.create({ /* ... */ });

// Then delete old key
await unkey.keys.delete({ 
  keyId: "key_old_5678",
  permanent: false
});

Build docs developers (and LLMs) love

Get started for freeTalk to us