Rotate Personal API Key

Replaces a role's own API key with a new random API key. The new API key is returned as the response body.

Any role can rotate its own API key. The name and password or current API key of the role must be provided via HTTP Basic Authorization.

Your HTTP/REST client probably provides HTTP basic authentication support. For example, curl and all of the Conjur client libraries provide this.

 

The body of the request must be the empty string.

URI

  
PUT /authn/{account}/api_key

Example with curl

Suppose your account is “myorg”, you are the user “alice”, your password is “Mypassw0rD1!”, and you want to rotate your API key.

  
curl --request PUT --data "" \
     --user alice:Mypassw0rD1\! \
     https://eval.conjur.org/authn/myorg/api_key

Headers

Field

Description

Example

Authorization

Supported basic auth credentials: password (for users) and API key.

Basic ZGFuaWVsOjlwOG5mc2RhZmJw

Response

Code

Description

200

The response body is the API key.

401

The request lacks valid authentication credentials.

405

The target role does not have an API key

Example URI

  
PUT /authn/myorg/api_key

URI Parameters

Parameter

Type

Mandatory

Description

account

String

Yes

Organization account name.

Example: myorg

Request

Headers

  
Authorization: Basic ZGFuaWVsOjlwOG5mc2RhZmJw
 

Requests that rotate a role's own API key must use their password (for users) or their existing API key (for hosts and users).

Response 200

Headers

  
Content-Type: text/plain; charset=utf-8

Body

  
14m9cf91wfsesv1kkhevg12cdywm2wvqy6s8sk53z1ngtazp1t9tykc