Rotate API token

POST 
/integrations/tokens/:tokenId/rotate

Generates a new API token while keeping the old token active for a grace period (default 7 days, configurable). The new token is only returned once and should be stored securely. Use this for zero-downtime token rotation. The response includes previousToken info with status and expiration. Only the token owner can rotate their tokens.

Requires scope: credentials.manage.

Request

Responses

200

API token with new token value (only shown once) and previousToken info

400

Invalid token ID format

401

Unauthorized - root operator role and credentials.manage scope required

404

Token not found or access denied

500

Internal server error