Disabling a key makes it invalid for verification without permanently deleting it. The key can be re-enabled at any time, restoring full access.
When to use this
Payment issues
Customer’s payment failed, disable their key until billing is resolved.
Suspicious activity
Investigate potential abuse without losing the key’s configuration.
Scheduled maintenance
Temporarily block access during system updates.
Account suspension
Suspend a user’s API access while keeping their key for potential
reactivation.
Disable a key
curl -X POST https://api.unkey.com/v2/keys.updateKey \
-H "Authorization: Bearer $UNKEY_ROOT_KEY" \
-H "Content-Type: application/json" \
-d '{
"keyId": "key_...",
"enabled": false
}'
Verification response
When a disabled key is verified, it returns valid: false with code DISABLED:
{
"meta": { "requestId": "req_..." },
"data": {
"valid": false,
"code": "DISABLED",
"keyId": "key_...",
"enabled": false
}
}
Re-enable a key
curl -X POST https://api.unkey.com/v2/keys.updateKey \
-H "Authorization: Bearer $UNKEY_ROOT_KEY" \
-H "Content-Type: application/json" \
-d '{
"keyId": "key_...",
"enabled": true
}'
Disabled vs Deleted
| Action | Disabled | Deleted |
|---|
| Key verifies? | ❌ No (code: DISABLED) | ❌ No (code: NOT_FOUND) |
| Can be restored? | ✅ Yes | ❌ No |
| Keeps configuration? | ✅ Yes | ❌ No |
| Keeps analytics? | ✅ Yes | ⚠️ Limited |
Use disabling for temporary blocks. Only delete keys when you’re sure the user
won’t need them again.
