Rotating an API Key

Rotating an API Key

Rotating an API key generates a new token and immediately invalidates the old one. Use rotation when you suspect a key has been compromised, as part of a regular security rotation schedule, or when handing off access to a new system.

Steps

  1. In the left sidebar, click Settings.
  2. Click the API Keys tab.
  3. Find the key you want to rotate.
  4. Click the ... menu next to the key → Rotate.
  5. A confirmation dialog explains that the old token will be immediately invalidated.
  6. Click Rotate Key.

The new token is displayed once. Copy it immediately and store it securely.

Warning: The old token stops working immediately. Any system using the old token will fail to authenticate as soon as rotation is complete. Update all systems that use this key before clicking Rotate — or be ready to update them immediately after.

Updating Your Systems

After rotation, you need to update every integration that uses the old token:

  • Environment variables in your application
  • CI/CD secrets
  • Third-party tools (Zapier, Make, etc.)
  • Any scripts or cron jobs that use the API

Until you update these, they'll return 401 Unauthorized errors.

When to Rotate vs. Delete

Scenario Action
Key may be compromised Rotate immediately
Regular security rotation Rotate
Integration is being decommissioned Delete
Changing permissions for a key Delete and create a new one

Related Articles

Still have questions? Contact support.

    • Related Articles

    • Deleting an API Key

      Deleting an API key immediately and permanently revokes it. Any system using the deleted key will fail to authenticate. Steps In the left sidebar, click Settings. Click the API Keys tab. Find the key you want to delete. Click the ... menu → Delete. ...

    • Creating an API Key

      This article explains how to create a new API key for programmatic access to the PulseAPI REST API. Prerequisites: API access requires a Starter, Professional, or Team plan. Steps In the left sidebar, click Settings. Click the API Keys tab. Click ...

    • Managing API Keys

      API keys let you authenticate requests to the PulseAPI REST API so you can manage monitors, read incidents, and access your data programmatically. This article is an overview of API key management — for specific actions, see the linked articles ...

    • Deleting Your Account

      Deleting your account permanently removes your PulseAPI user account and all personal data. This is separate from canceling a subscription or deleting a team. Warning: Account deletion is irreversible. There is no grace period or recovery option. ...

    • Monitor Settings Reference

      This article describes every field in the monitor create/edit form. Use it as a reference when configuring a monitor or troubleshooting unexpected behavior. Basic Settings Name A label for the monitor. Appears in the dashboard, incident ...