Question: Delete API Key
Delete Vultr user API keys with admin access to maintain security and prevent misuse.
Deleting a user's API key is an important security practice to prevent unauthorized access and reduce the risk of compromised credentials. When an API key is no longer in use, or after you generate a replacement during credential rotation, remove the old key to keep your environment secure.
Note
- When managing API Keys for other users:
- You must have root or administrator credentials in Vultr to perform these actions.
- Deleting a API key immediately invalidates it. Applications, scripts, and integrations using the deleted API key will lose access.
- Update all workloads to use a replacement API key before deleting the old API key to avoid service interruptions.
Follow this guide to delete a user API key using the Vultr Customer Portal or the Vultr API.
Vultr Customer Portal1.Navigate to
Account and select
Users under
OTHER.2.Select the user from the list and click the
Edit User icon.
3.In the
User Access Tokens section, locate the key you want to remove and click
Delete.4.Click
OK to confirm the deletion.
Vultr API1.Send a GET request to the Get Users endpoint to list all users.
console
$ curl "https://api.vultr.com/v2/users" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the user whose API key you want to delete.
2.Send a GET request to the List User API Keys endpoint to list the API keys for that user.
console
$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the API key you want to delete.
3.Send a DELETE request to the Delete User API Key endpoint to remove the key by ID.
console
$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys/{apikey-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"The API responds with 204 No Content to confirm successful deletion.
4.Send a GET request to the List User API Keys endpoint again to verify the key no longer appears in the response.
console
$ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Confirm that the deleted key ID no longer appears in the output.