Revoke Key (POST)
POST /cdp/keys/revoke — revoke a target key by id or key_prefix. Idempotent: revoking an
already-revoked or unknown key is a no-op that returns an empty revoked list.
Request
```
POST /cdp/keys/revoke
Content-Type: application/json
```

| Field | Type | Required | Description |
|---|---|---|---|
| id | string | one of id / key_prefix | The key record id to revoke. |
| key_prefix | string | one of id / key_prefix | The key prefix to revoke. |
| brand_id | string | staff only | Target brand (staff). A non-staff brand-admin always revokes within their own brand. |

A target id or key_prefix is required; otherwise the request is rejected with 400. Revocation
is always scoped to the authorized brand — a caller can never revoke another brand’s key.
Response 200
```
{
  "revoked": [
    {
      "id": "key_abc",
      "key_prefix": "vyg_AbCd",
      "brand_id": "brand-uuid",
      "is_staff": false,
      "expires_at": null,
      "revoked_at": "2026-01-15T00:00:00.000Z",
      "created_at": "2026-01-10T00:00:00.000Z"
    }
  ]
}
```

revoked lists the display-safe records that actually transitioned active → revoked. An
already-revoked or not-found target returns { "revoked": [] }.
Example
```
curl -s -X POST "https://cdp.vyg.app/cdp/keys/revoke" \
  -H "Authorization: Bearer <session-credential>" \
  -H "Content-Type: application/json" \
  -d '{ "key_prefix": "vyg_AbCd" }'
```

See also the REST-conventional alias, Revoke Key (DELETE).
Errors
| Status | When |
|---|---|
| 400 | Neither id nor key_prefix supplied. |
| 401 | Missing or invalid credential. |
| 403 | An API key was used for management; a non-staff caller targeted another brand; or no connected Shopify integration resolves a scope for the brand. |
| 405 | Unsupported method. |
| 500 | Brand-scope resolution failed. |

See Errors for the full envelope.
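
A client-side helper for the request and response contract described on this page, given as an added example that is not part of the original documentation. The names `build_revoke_body`, `interpret_revoke`, `ERRORS` and `SAMPLE_OK` are hypothetical, the sample bodies are constructed from the Response 200 example, and the `revoked_at` check is an assumption of this example rather than documented server behaviour.

```python
import json

# Status meanings taken from the Errors table on this page.
ERRORS = {
    400: "neither id nor key_prefix supplied",
    401: "missing or invalid credential",
    403: "API key used for management, cross-brand target, or no Shopify scope",
    405: "unsupported method",
    500: "brand-scope resolution failed",
}

# Constructed sample 200 body, trimmed from the Response 200 example above.
SAMPLE_OK = ('{"revoked": [{"id": "key_abc", "key_prefix": "vyg_AbCd", '
             '"revoked_at": "2026-01-15T00:00:00.000Z"}]}')


def build_revoke_body(key_id=None, key_prefix=None, brand_id=None):
    """Serialize the request body; refuse locally what the server rejects with 400."""
    if not key_id and not key_prefix:
        raise ValueError("id or key_prefix is required")
    fields = {"id": key_id, "key_prefix": key_prefix, "brand_id": brand_id}
    return json.dumps({k: v for k, v in fields.items() if v})


def interpret_revoke(status, raw_body):
    """Return ("revoked", records) or ("noop", []); raise on any error status."""
    if status != 200:
        raise RuntimeError(f"HTTP {status}: {ERRORS.get(status, 'unexpected status')}")
    records = json.loads(raw_body)["revoked"]
    if not records:
        # Already revoked or not found: the response does not say which.
        return "noop", []
    # Defensive check (an assumption of this example): a record that
    # transitioned active -> revoked should carry a revoked_at timestamp.
    if any(not r.get("revoked_at") for r in records):
        raise RuntimeError("record returned without revoked_at")
    return "revoked", records


if __name__ == "__main__":
    print(build_revoke_body(key_prefix="vyg_AbCd"))
    print(interpret_revoke(200, SAMPLE_OK)[0])
    print(interpret_revoke(200, '{"revoked": []}')[0])
```

When rotating keys or responding to an incident, treat "noop" as unconfirmed: an empty list does not distinguish an already-revoked key from a mistyped id or prefix.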