Roll team API client token
POST
/api/user/teams/{id}/api-clients/{clientId}/rotate
const url = 'https://hitkeep.com/api/user/teams/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/api-clients/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/rotate';const options = {method: 'POST', headers: {cookie: 'hk_token=<hk_token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://hitkeep.com/api/user/teams/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/api-clients/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/rotate \ --cookie hk_token=<hk_token>Generates a new one-time token for an active team-owned API client and immediately invalidates the previous token.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ” id
required
string format: uuid
clientId
required
string format: uuid
Responses
Section titled “ Responses ”Rolled team API client token
Media type application/json
object
client
object
created_at
string format: date-time
description
string
expires_at
string format: date-time
id
string format: uuid
instance_role
string
last_used_at
string format: date-time
name
string
owner_type
string
revoked_at
string format: date-time
site_roles
Explicit site grants. Empty means the API client has no site-scoped analytics, MCP, or ingest access.
Array<object>
object
role
string
site_id
string format: uuid
tenant_id
string format: uuid
updated_at
string format: date-time
user_id
string format: uuid
token
string
Example
{ "client": { "owner_type": "personal" }}API client is revoked or expired