> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kosli.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate an API key for a service account

> Rotate an API key for a service account. A new key is generated immediately.
The old key remains valid for `grace_period_hours` (default 24) to allow
time to update dependent systems. The new key value is only returned once.



## OpenAPI

````yaml https://app.kosli.com/api/v2/openapi.json post /service-accounts/{org}/{name}/api-keys/{key_id}/rotate
openapi: 3.1.0
info:
  title: Kosli API
  summary: The API for communicating with Kosli
  description: >

    # Authentication 


    When making requests against Kosli API, you can authenticate your requests
    using a bearer token. 

    Set the bearer token in the request Authorization header to a valid API
    key. 

    API Keys can be personal or for service accounts. Check the [service
    accounts
    documentation](https://docs.kosli.com/getting_started/service-accounts/) for
    details. 


    ## Curl example


    ```shell

    curl -H "Authorization: Bearer <<your-api-key>>"
    https://app.kosli.com/api/v2/environments/<<your-org-name>>

    ```
  version: '2.0'
servers:
  - url: https://app.kosli.com/api/v2
    description: EU
  - url: https://app.us.kosli.com/api/v2
    description: US
security:
  - HTTPBearer: []
paths:
  /service-accounts/{org}/{name}/api-keys/{key_id}/rotate:
    post:
      tags:
        - Service Accounts
      summary: Rotate an API key for a service account
      description: >-
        Rotate an API key for a service account. A new key is generated
        immediately.

        The old key remains valid for `grace_period_hours` (default 24) to allow

        time to update dependent systems. The new key value is only returned
        once.
      operationId: rotate_service_account_api_key
      parameters:
        - name: name
          in: path
          required: true
          schema:
            type: string
            title: Name
        - name: key_id
          in: path
          required: true
          schema:
            type: string
            title: Key Id
        - name: org
          in: path
          required: true
          schema:
            type: string
            title: Org
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApiKeyRotateInput'
      responses:
        '201':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiKeyRotatedResponse'
        '400':
          description: Invalid expiry date
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__ValidationErrorResponse___locals___ValidationErrorResponseModel__19
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__26
        '404':
          description: API key not found
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/fastapi_app__errors__NotFoundResponse___locals___NotFoundResponseModel__61
      security:
        - HTTPBearer: []
        - HTTPBasic: []
components:
  schemas:
    ApiKeyRotateInput:
      properties:
        grace_period_hours:
          type: integer
          maximum: 720
          minimum: 1
          title: Grace Period Hours
          description: >-
            Number of hours the old key remains valid after rotation. Defaults
            to 24.
          default: 24
        expires_at:
          anyOf:
            - type: integer
              maximum: 4102444800
            - type: 'null'
          title: Expires At
          description: >-
            Unix timestamp for the new key's expiry. Use 0 or omit for no
            expiry. Must not be in the past.
      type: object
      title: ApiKeyRotateInput
    ApiKeyRotatedResponse:
      properties:
        id:
          type: string
          title: Id
        key:
          type: string
          title: Key
        description:
          type: string
          title: Description
        created_at:
          type: number
          title: Created At
        expires_at:
          type: integer
          title: Expires At
        grace_period_expires_at:
          type: integer
          title: Grace Period Expires At
      type: object
      required:
        - id
        - key
        - description
        - created_at
        - expires_at
        - grace_period_expires_at
      title: ApiKeyRotatedResponse
    fastapi_app__errors__ValidationErrorResponse___locals___ValidationErrorResponseModel__19:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: ValidationErrorResponseModel
      description: expires_at cannot be in the past
      examples:
        - errors:
            email: Field must be a valid email address
            name: Field cannot be empty
          message: expires_at cannot be in the past
    fastapi_app__errors__ForbiddenResponse___locals___ForbiddenResponseModel__26:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: ForbiddenResponseModel
      examples:
        - message: You don't have permission to access this resource
    fastapi_app__errors__NotFoundResponse___locals___NotFoundResponseModel__61:
      properties:
        message:
          type: string
          title: Message
          description: Error message
        errors:
          anyOf:
            - additionalProperties:
                type: string
              type: object
            - type: 'null'
          title: Errors
          description: Validation errors by field
      type: object
      required:
        - message
      title: NotFoundResponseModel
      description: API key not found
      examples:
        - message: API key not found
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````