HTTP status: 401 · Title: “API key revoked”Documentation Index
Fetch the complete documentation index at: https://docs.kash.bot/llms.txt
Use this file to discover all available pages before exploring further.
When it fires
The key is well-formed and recognised, but itsrevoked_at column is set. The auth middleware fails closed.
Why it happens
- A user (you or a teammate) explicitly revoked the key via Settings → API Keys → Revoke.
- An operator revoked the key via
kash-admin api-keys revoke <id>(e.g., suspected leak). - A security automation revoked it (e.g., per-key velocity anomaly tripped a kill switch).
How to fix
- If revocation was unintentional, ask the operator who ran it (the audit log records who/when/why).
- If revocation was intentional and you need to keep working, issue a new key. Revoked keys cannot be un-revoked — that’s the security property.
- Update every place the old key was stored (env vars, secret stores, CI configs) before the new key goes live.
Related codes
API_KEY_INVALID— key was deleted, not revokedAPI_KEY_EXPIRED— key reached itsexpires_at(no operator action)