> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate API access key

> Revokes the existing secret access key value and issues a replacement for the same API access key credential name, type, and scopes. The new secret access key value is returned only once.



## OpenAPI

````yaml /api-reference/openapi-public.json post /access-keys/{id}/rotate
openapi: 3.0.0
info:
  title: Living Security Public API
  description: >-
    Curated, versioned API for Living Security customer integrations.
    Authenticate by exchanging a Living Security API access key for a
    short-lived bearer access token.
  version: 1.0.0
  contact: {}
servers:
  - url: https://api.us-east-1.livingsecurity.ai/api/v1
    description: US production
  - url: https://api.eu-west-1.livingsecurity.ai/api/v1
    description: EU production
  - url: /api/v1
    description: Current origin
security: []
tags: []
paths:
  /access-keys/{id}/rotate:
    post:
      tags:
        - Access Keys
      summary: Rotate API access key
      description: >-
        Revokes the existing secret access key value and issues a replacement
        for the same API access key credential name, type, and scopes. The new
        secret access key value is returned only once.
      operationId: AccessKeys.rotate
      parameters:
        - name: x-organization-id
          in: header
          description: Organization context for multi-tenant operations
          required: true
          schema:
            type: string
            format: uuid
        - name: id
          required: true
          in: path
          description: API access key identifier to rotate
          schema:
            type: string
      responses:
        '201':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateAccessKeyResponseDto'
      security:
        - bearerAuth: []
components:
  schemas:
    CreateAccessKeyResponseDto:
      type: object
      properties:
        id:
          type: string
          description: Stable API access key identifier
        name:
          type: string
          description: >-
            Human-readable name for the API access key credential, usually the
            owning integration or automation
        keyType:
          type: string
          description: >-
            Credential type for the API access key. user_bound keys are
            associated with the creating user's identity; service_account keys
            are intended for non-human service integrations.
          enum:
            - user_bound
            - service_account
        boundEmail:
          type: string
          description: >-
            Email address associated with the API access key credential when the
            credential is user-bound
        status:
          type: string
          description: API access key status
          enum:
            - active
            - revoked
        lastUsedAt:
          type: string
          description: Last time the API access key was used
          format: date-time
          nullable: true
        expiresAt:
          type: string
          description: Expiration timestamp for the API access key credential
          format: date-time
          nullable: true
        createdAt:
          type: string
          description: Timestamp when the API access key credential was created
          format: date-time
        createdByUserId:
          type: string
          description: Identifier of the user who created this API access key
        scopes:
          description: Permission scopes assigned to this API access key
          example:
            - '*'
          type: array
          items:
            type: string
        secret:
          type: string
          description: >-
            One-time secret access key value. Store it immediately; it cannot be
            retrieved after creation or rotation.
      required:
        - id
        - name
        - keyType
        - boundEmail
        - status
        - createdAt
        - createdByUserId
        - scopes
        - secret
  securitySchemes:
    bearerAuth:
      scheme: bearer
      bearerFormat: access-token
      type: http
      description: >-
        Short-lived bearer access token issued for a Living Security API access
        key. Send as Authorization: Bearer <token>.

````