# Invalidate API keys **DELETE /_security/api_key** This API invalidates API keys created by the create API key or grant API key APIs. Invalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted. To use this API, you must have at least the `manage_security`, `manage_api_key`, or `manage_own_api_key` cluster privileges. The `manage_security` privilege allows deleting any API key, including both REST and cross cluster API keys. The `manage_api_key` privilege allows deleting any REST API key, but not cross cluster API keys. The `manage_own_api_key` only allows deleting REST API keys that are owned by the user. In addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats: - Set the parameter `owner=true`. - Or, set both `username` and `realm_name` to match the user's identity. - Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field. ## Required authorization * Cluster privileges: `manage_api_key`,`manage_own_api_key` ## Servers - http://api.example.com: http://api.example.com () ## Authentication methods - Api key auth ## Parameters ### Body: application/json (object) - **id** (string) - **ids** (array[string]) A list of API key ids. This parameter cannot be used with any of `name`, `realm_name`, or `username`. - **name** (string) An API key name. This parameter cannot be used with any of `ids`, `realm_name` or `username`. - **owner** (boolean) Query API keys owned by the currently authenticated user. The `realm_name` or `username` parameters cannot be specified when this parameter is set to `true` as they are assumed to be the currently authenticated ones. NOTE: At least one of `ids`, `name`, `username`, and `realm_name` must be specified if `owner` is `false`. - **realm_name** (string) The name of an authentication realm. This parameter cannot be used with either `ids` or `name`, or when `owner` flag is set to `true`. - **username** (string) The username of a user. This parameter cannot be used with either `ids` or `name` or when `owner` flag is set to `true`. ## Responses ### 200 #### Body: application/json (object) - **error_count** (number) The number of errors that were encountered when invalidating the API keys. - **error_details** (array[object]) Details about the errors. This field is not present in the response when `error_count` is `0`. - **invalidated_api_keys** (array[string]) The IDs of the API keys that were invalidated as part of this request. - **previously_invalidated_api_keys** (array[string]) The IDs of the API keys that were already invalidated. [Powered by Bump.sh](https://bump.sh)