Revoke All Active Open API Keys for Your Workspace

Use this endpoint to revoke every active API key in your workspace in a single operation. This is intended for emergency scenarios such as a suspected credential compromise, or as the final step of a coordinated key rotation after replacement keys are already in place.

This endpoint uses session cookie authentication (plangrep_session). It is used by the Plangrep app’s API settings page and does not accept a bearer API key.

This action revokes every active key in your workspace simultaneously and cannot be undone. All integrations, pipelines, and services authenticating with any API key for this workspace will immediately begin receiving 401 Unauthorized errors. Only use this endpoint in an emergency (e.g., a suspected key compromise) or as part of a planned, coordinated key rotation where replacement keys are already in place.

Endpoint

POST https://plangrep.com/api/open-api/keys/revoke-all

Authentication

Method	Value
Cookie	`plangrep_session=YOUR_SESSION_COOKIE`

Request Body

No request body required.

Response

200 OK Returns an object containing all key records after revocation.

keys

OpenApiKey[]

required

The full list of key records for the workspace after revocation. All previously active keys will have revokedAt set to the timestamp of this operation.

Show OpenApiKey fields

string

Unique identifier of the key.

label

string

Human-readable name of the key.

keyPrefix

string

The prefix used to identify the key.

scopes

OpenApiKeyScope[]

The permission scopes that were granted to this key. Possible values: jobs:read, jobs:write, artifacts:read.

createdByUserId

string

ID of the workspace user who originally created this key.

hashVersion

string

Internal version of the hashing algorithm used to store this key.

createdAt

string

ISO 8601 timestamp of when the key was created.

expiresAt

string | null

ISO 8601 expiration timestamp, or null if the key had no expiration.

lastUsedAt

string | null

ISO 8601 timestamp of the key’s most recent successful use before revocation, or null if it was never used.

lastUsedIp

string | null

IP address of the most recent request before revocation, or null if the key was never used.

revokedAt

string | null

ISO 8601 timestamp of when this revocation occurred. Will be non-null for all keys affected by this operation.

To rotate keys without downtime, create replacement keys and update all integrations before calling this endpoint.

Example

curl -X POST https://plangrep.com/api/open-api/keys/revoke-all \
  -H "Cookie: plangrep_session=YOUR_SESSION_COOKIE"

Example Response

{
  "keys": [
    {
      "id": "key_01hx3z...",
      "label": "Production Integration",
      "keyPrefix": "pgk_live_abc1",
      "scopes": ["jobs:read", "jobs:write", "artifacts:read"],
      "createdByUserId": "usr_01hx3y...",
      "hashVersion": "v1",
      "createdAt": "2024-11-01T10:00:00Z",
      "expiresAt": null,
      "lastUsedAt": "2025-01-15T08:42:00Z",
      "lastUsedIp": "203.0.113.42",
      "revokedAt": "2025-01-20T15:05:00Z"
    },
    {
      "id": "key_01hx4a...",
      "label": "Staging Key",
      "keyPrefix": "pgk_live_xyz9",
      "scopes": ["jobs:read"],
      "createdByUserId": "usr_01hx3y...",
      "hashVersion": "v1",
      "createdAt": "2024-12-10T09:00:00Z",
      "expiresAt": "2025-06-01T00:00:00Z",
      "lastUsedAt": null,
      "lastUsedIp": null,
      "revokedAt": "2025-01-20T15:05:00Z"
    }
  ]
}

​Endpoint

​Authentication

​Request Body

​Response

​Example

​Example Response

Endpoint

Authentication

Request Body

Response

Example

Example Response