Rotate API token
POST/tokens/:tokenId/rotate
Generates a new API token while keeping the old token active for a grace period (default 7 days, configurable). The new token is only returned once and should be stored securely. Use this for zero-downtime token rotation. The response includes previousToken info with status and expiration. Only the token owner can rotate their tokens.
Request
Responses
- 200
- 400
- 401
- 404
- 500
API token with new token value (only shown once) and previousToken info
Invalid token ID format
Unauthorized - admin role and credentials.manage scope required
Token not found or access denied
Internal server error