Skip to main content
POST
/
v1
/
user
/
me
/
api-keys
/
{keyId}
/
rotate
Rotate API key
curl --request POST \
  --url https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate
import requests

url = "https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate"

response = requests.post(url)

print(response.text)
const options = {method: 'POST'};

fetch('https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate"

req, _ := http.NewRequest("POST", url, nil)

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate")
.asString();
require 'uri'
require 'net/http'

url = URI("https://relay.bayse.markets/v1/user/me/api-keys/{keyId}/rotate")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
{
  "id": "3f7a1b2c-d4e5-6789-abcd-ef0123456789",
  "name": "Trading bot",
  "publicKey": "pk_live_abcdef123456",
  "secretKey": "sk_live_newsecret456def",
  "signingInstructions": {
    "algorithm": "HMAC-SHA256",
    "headers": ["X-Public-Key", "X-Timestamp", "X-Signature"],
    "payloadFormat": "{timestamp}.{method}.{path}.{bodyHash}",
    "timestampWindowSeconds": 300
  }
}

Authentication

Requires x-auth-token and x-device-id headers. Obtain these by calling the login endpoint.

Path parameters

keyId
string
required
The ID of the API key to rotate.

Example request

curl -X POST \
  https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate \
  -H "x-auth-token: YOUR_AUTH_TOKEN" \
  -H "x-device-id: YOUR_DEVICE_ID"
const response = await fetch(
  'https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate',
  {
    method: 'POST',
    headers: {
      'x-auth-token': 'YOUR_AUTH_TOKEN',
      'x-device-id': 'YOUR_DEVICE_ID',
    },
  }
);
const { publicKey, secretKey } = await response.json();
import requests

resp = requests.post(
    'https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate',
    headers={
        'x-auth-token': 'YOUR_AUTH_TOKEN',
        'x-device-id': 'YOUR_DEVICE_ID',
    },
)
data = resp.json()
req, _ := http.NewRequest(
    "POST",
    "https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate",
    nil,
)
req.Header.Set("x-auth-token", "YOUR_AUTH_TOKEN")
req.Header.Set("x-device-id", "YOUR_DEVICE_ID")
resp, _ := http.DefaultClient.Do(req)

Response

id
string
The same key ID as before.
name
string
The key’s label.
publicKey
string
The public key — unchanged from before rotation.
secretKey
string
A new secret key. Only returned once.
signingInstructions
object
Updated signing instructions.
{
  "id": "3f7a1b2c-d4e5-6789-abcd-ef0123456789",
  "name": "Trading bot",
  "publicKey": "pk_live_abcdef123456",
  "secretKey": "sk_live_newsecret456def",
  "signingInstructions": {
    "algorithm": "HMAC-SHA256",
    "headers": ["X-Public-Key", "X-Timestamp", "X-Signature"],
    "payloadFormat": "{timestamp}.{method}.{path}.{bodyHash}",
    "timestampWindowSeconds": 300
  }
}
The old secret key stops working immediately upon rotation. Update all services using this key before rotating.