Revoke a webhook signing key

DELETE /api/policy/v1/enterprises/{enterpriseId}/webhooks/keys/{keyId}

Revokes a webhook signing key for an enterprise. This is a soft delete — the key row is preserved for audit purposes but marked as REVOKED.

Revoked keys cannot be used for webhook signature verification. Revocation is irreversible — a new key must be registered to restore access.

Key ID tombstoning: Once a keyId is revoked, it is permanently tombstoned for this enterprise. Attempting to register a new key under the same keyId returns a 400 error, even after revocation. This is an intentional security design that prevents key-reuse attacks. Choose a stable, unique keyId from the start (e.g. use a version suffix such as my-key-v2) so that key rotation does not require updating secrets or configuration files that reference the keyId.

Authorization: Caller must be an admin of the specified enterprise.
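The revocation and tombstoning rules above, modelled in memory as an added example (not the service's own code). The KeyRegistry class, the rotate and next_key_id helpers, the HMAC-SHA256 signing stand-in and the handling of duplicate active or already-revoked keys are all assumptions; only the soft delete, the REVOKED status, the 400 on re-registration and the 200 response fields come from this page.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

class TombstonedKeyId(Exception):
    status = 400  # per the page: re-registering a revoked keyId returns 400

def sign(secret: bytes, body: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the real signing scheme.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

class KeyRegistry:
    """Hypothetical in-memory model of one enterprise's signing keys."""
    def __init__(self):
        self.rows = {}  # keyId -> row; rows are never deleted (soft delete)

    def register(self, key_id: str, secret: bytes) -> None:
        row = self.rows.get(key_id)
        if row and row["status"] == "REVOKED":
            raise TombstonedKeyId(f"keyId {key_id!r} is tombstoned")
        if row:
            raise ValueError(f"keyId {key_id!r} is already active")  # model choice
        self.rows[key_id] = {"secret": secret, "status": "ACTIVE"}

    def revoke(self, key_id: str, admin: str) -> dict:
        row = self.rows[key_id]  # KeyError for an unknown keyId (model choice)
        if row["status"] == "REVOKED":
            raise ValueError("already revoked; revocation is irreversible")
        revoked_at = datetime.now(timezone.utc).isoformat()
        row.update(status="REVOKED", revokedAt=revoked_at, revokedBy=admin)
        return {"success": True, "keyId": key_id, "revokedAt": revoked_at, "revokedBy": admin}

    def verify(self, key_id: str, body: bytes, signature: str) -> bool:
        row = self.rows.get(key_id)
        if row is None or row["status"] != "ACTIVE":
            return False  # revoked keys never verify, even with a valid MAC
        return hmac.compare_digest(sign(row["secret"], body), signature)

def next_key_id(key_id: str) -> str:
    """my-key-v2 -> my-key-v3; an ID without a -vN suffix gets -v2."""
    m = re.fullmatch(r"(.*)-v(\d+)", key_id)
    return f"{m.group(1)}-v{int(m.group(2)) + 1}" if m else f"{key_id}-v2"

def rotate(reg: KeyRegistry, old_id: str, new_secret: bytes, admin: str) -> str:
    new_id = next_key_id(old_id)
    reg.register(new_id, new_secret)  # register first so verification has no gap
    reg.revoke(old_id, admin)
    return new_id
```

In this model, a signature made with the old secret stops verifying the moment its keyId is revoked, and the keyId can never be pointed at different key material afterwards.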

Path Parameters

  • enterpriseId string Required
    The enterprise ID.
  • keyId string Required
    The customer-provided key identifier.

200 Response

success boolean required
Whether the revocation was successful.
Example: true
keyId string required
The customer-provided key identifier that was revoked.
Example: customer-prod-key-2026
revokedAt string <date-time> required
When the key was revoked.
Example: 2026-01-12T15:00:00.000Z
revokedBy string required
User who revoked the key.
Example: admin@example.com

401 Response

code string
message string
status integer

403 Response

code string
message string
status integer

404 Response

code string
message string
status integer

409 Response

code string
message string
status integer

500 Response

code string
message string
status integer