Ctrl+K

Revoke a webhook signing key

delete/api/policy/v1/enterprises/{enterpriseId}/webhooks/keys/{keyId}

Revokes a webhook signing key for an enterprise. This is a soft delete — the key row is preserved for audit purposes but marked as REVOKED.

Revoked keys cannot be used for webhook signature verification. Revocation is irreversible — a new key must be registered to restore access.

Authorization: Caller must be an admin of the specified enterprise.

Path Parameters

  • enterpriseIdstringRequired
    The enterprise ID.
  • keyIdstringRequired
    The customer-provided key identifier.

200 Response

success boolean required
Whether the revocation was successful.
Example: true
keyId string required
The customer-provided key identifier that was revoked.
Example: customer-prod-key-2026
revokedAt string <date-time>required
When the key was revoked.
Example: 2026-01-12T15:00:00.000Z
revokedBy string required
User who revoked the key.
Example: admin@example.com

401 Response

code string
message string
status integer

403 Response

code string
message string
status integer

404 Response

code string
message string
status integer

409 Response

code string
message string
status integer

500 Response

code string
message string
status integer