--- title: Rotate API Key url: https://docs.vultr.com/platform/other/api/other-user/rotate-api-key description: Rotate Vultr user API keys with admin access to maintain security and avoid downtime. publish_date: 2025-09-17T17:02:32.452629Z last_updated: 2025-09-17T17:02:54.451028Z --- Regularly rotating API keys is a critical security practice that reduces the risk of unauthorized access. A safe rotation process ensures your workloads keep running without downtime while you replace old keys with new ones. > [!NOTE] > This guide covers managing API Keys for other users. You must have root or administrator account credentials in Vultr to perform these actions. Follow this guide to rotate a specific user's API key using the Vultr Console or the Vultr API. === "Vultr Console" 1. Navigate to **Account** and select **Users** under **OTHER**. 1. Select the user from the list and click the **Edit User** icon. 1. In **User Access Tokens** section, enter a **Name**, choose an API key **Expiry** option, and set the **Expiry On** date. 1. Click **Add Key** to create the new API key. 1. Update your applications, scripts, and automation to use the new API key. 1. After you confirm that workloads authenticate with the new key, delete the old key in **User Access Tokens** section. === "Vultr API" 1. Send a `GET` request to the [**Get Users** endpoint](https://www.vultr.com/api/#tag/users/operation/list-users) to list all users. ```console $ curl "https://api.vultr.com/v2/users" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` Note the `id` of the user whose API key you want to rotate. 1. Send a `POST` request to the [**Create User API Key** endpoint](https://www.vultr.com/api/#tag/users/operation/create-user-api-key) to generate a new key for that user. ```console $ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X POST \ -H "Authorization: Bearer ${VULTR_API_KEY}" \ -H "Content-Type: application/json" \ --data '{ "name": "", "expire": true, "date_expire": "2030-01-01T00:00:00Z" }' ``` The response includes the new API key in plain text. Copy and store it securely, as this is the only time you can view it. 1. Update your applications, scripts, and automation to use the new API key, then validate that they work correctly. 1. Send a `GET` request to the [**List User API Keys** endpoint](https://www.vultr.com/api/#tag/users/operation/list-user-api-keys) to view all keys for the user. ```console $ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` Identify the `id` of the old API key you want to remove. 1. Send a `DELETE` request to the [**Delete User API Key** endpoint](https://www.vultr.com/api/#tag/users/operation/delete-user-api-key) to delete the old key. ```console $ curl "https://api.vultr.com/v2/users/{user-id}/apikeys/{apikey-id}" \ -X DELETE \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` The response returns `204 No Content` to confirm successful deletion. 1. Send another `GET` request to the [**List User API Keys** endpoint](https://www.vultr.com/api/#tag/users/operation/list-user-api-keys) to verify that the old key no longer appears in the response. ```console $ curl "https://api.vultr.com/v2/users/{user-id}/apikeys" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ```