> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bayse.markets/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate API key

> Generate a new secret key while keeping the same key ID

## Authentication

Requires `x-auth-token` and `x-device-id` headers. Obtain these by calling the [login endpoint](/api-reference/user/login).

## Path parameters

<ParamField path="keyId" type="string" required>
  The ID of the API key to rotate.
</ParamField>

## Example request

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST \
    https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate \
    -H "x-auth-token: YOUR_AUTH_TOKEN" \
    -H "x-device-id: YOUR_DEVICE_ID"
  ```

  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate',
    {
      method: 'POST',
      headers: {
        'x-auth-token': 'YOUR_AUTH_TOKEN',
        'x-device-id': 'YOUR_DEVICE_ID',
      },
    }
  );
  const { publicKey, secretKey } = await response.json();
  ```

  ```python Python theme={null}
  import requests

  resp = requests.post(
      'https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate',
      headers={
          'x-auth-token': 'YOUR_AUTH_TOKEN',
          'x-device-id': 'YOUR_DEVICE_ID',
      },
  )
  data = resp.json()
  ```

  ```go Go theme={null}
  req, _ := http.NewRequest(
      "POST",
      "https://relay.bayse.markets/v1/user/me/api-keys/3f7a1b2c-d4e5-6789-abcd-ef0123456789/rotate",
      nil,
  )
  req.Header.Set("x-auth-token", "YOUR_AUTH_TOKEN")
  req.Header.Set("x-device-id", "YOUR_DEVICE_ID")
  resp, _ := http.DefaultClient.Do(req)
  ```
</CodeGroup>

## Response

<ResponseField name="id" type="string">
  The same key ID as before.
</ResponseField>

<ResponseField name="name" type="string">
  The key's label.
</ResponseField>

<ResponseField name="publicKey" type="string">
  The public key — unchanged from before rotation.
</ResponseField>

<ResponseField name="secretKey" type="string">
  A new secret key. **Only returned once.**
</ResponseField>

<ResponseField name="signingInstructions" type="object">
  Updated signing instructions.
</ResponseField>

<ResponseExample>
  ```json 200 OK theme={null}
  {
    "id": "3f7a1b2c-d4e5-6789-abcd-ef0123456789",
    "name": "Trading bot",
    "publicKey": "pk_live_abcdef123456",
    "secretKey": "sk_live_newsecret456def",
    "signingInstructions": {
      "algorithm": "HMAC-SHA256",
      "headers": ["X-Public-Key", "X-Timestamp", "X-Signature"],
      "payloadFormat": "{timestamp}.{method}.{path}.{bodyHash}",
      "timestampWindowSeconds": 300
    }
  }
  ```
</ResponseExample>

<Warning>
  The old secret key stops working immediately upon rotation. Update all services using this key before rotating.
</Warning>
