Revoking API Keys

Revoke unused, lost, or compromised private keys.


You should revoke an API key immediately if it becomes inactive, lost, or compromised. A revoked API key denies access to the App Store Connect API on your organization's behalf.

To revoke an API key, log in to App Store Connect with an Admin account.

  1. Select Users and Access, then select the API Keys tab.

  2. Click Edit next to the list of Active keys.

  3. Select the API keys to revoke, and click Revoke Key.

  4. Click the Revoke button to confirm.

Once you revoke an API key, you won't be able to reinstate it. Revoked keys are displayed for 30 days on the API Keys page under the Revoked heading.

See Also

First Steps

Creating API Keys for App Store Connect API

Create API keys used to sign JWTs and authorize API requests.

Generating Tokens for API Requests

Create JSON Web Tokens signed with your private key to authorize API requests.