---
title: Rotate API Key
url: https://docs.vultr.com/platform/other/api/current-user/rotate-api-key
description: Rotate Vultr current user API keys securely with zero downtime using portal or API.
publish_date: 2025-09-17T16:36:40.053681Z
last_updated: 2025-09-17T16:37:36.469345Z
---

Regularly rotating API keys is a security best practice that reduces the risk of unauthorized access and credential compromise. This guide provides a safe, zero-downtime workflow to rotate your current user API key using the Vultr Console or the Vultr API.
Follow these steps to rotate a current user API Key, ensuring your applications and automation continue to function without interruption.
=== "Vultr Console"
    1. Navigate to **Dashboard** and select **Vultr API** under **Orchestration**.
    1. In **User Access Tokens** section, enter a **Name**, choose an API key **Expiry** option, and set the **Expiry On** date.
    1. Click **Add Key**.
    1. Update all applications, scripts, and automation to use the new API key.
    1. After verifying that all workloads successfully authenticate with the new API key, delete the old key in **User Access Tokens** section.

=== "Vultr API"

    1. Send a `POST` request to the [**Create API Key** endpoint](https://www.vultr.com/api/#tag/api-keys/operation/create-api-key) to generate a new API key for your current user account.

        ```console
        $ curl "https://api.vultr.com/v2/apikeys" \
            -X POST \
            -H "Authorization: Bearer ${VULTR_API_KEY}" \
            -H "Content-Type: application/json" \
            -d '{
                "name": "<api-key-name>",
                "expire": true,
                "date_expire": "2030-01-01T00:00:00Z"
            }'
        ```
        The response returns the new API key in plain text. Copy and store it securely, as this is the only time you can view it.
    1. Update your applications, scripts, and automation to use the new API key, then validate that they work correctly.
    1. Send a `GET` request to the [**List API Keys** endpoint](https://www.vultr.com/api/#tag/api-keys/operation/list-api-keys) to view all API keys for the current user and identify the old key's ID.
        ```console
        $ curl "https://api.vultr.com/v2/apikeys" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```
    1. Send a `DELETE` request to the [**Delete API Key** endpoint](https://www.vultr.com/api/#tag/api-keys/operation/delete-api-key) to delete the old API key.
        ```console
        $ curl "https://api.vultr.com/v2/apikeys/{apikey-id}" \
            -X DELETE \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```
        An HTTP response of `204 No Content` confirms that your API key is deleted.