Revoke unused, lost, or compromised private keys.
You should revoke an API key immediately if it becomes inactive, lost, or compromised. A revoked API key denies access to the App Store Connect API on your organization's behalf.
To revoke an API key, log in to App Store Connect with an Admin account.
Select Users and Access, then select the API Keys tab.
Click Edit next to the list of Active keys.
Select the API keys to revoke, and click Revoke Key.
Click the Revoke button to confirm.
Once you revoke an API key, you won't be able to reinstate it. Revoked keys are displayed for 30 days on the API Keys page under the Revoked heading.