> ## Documentation Index > Fetch the complete documentation index at: https://docs.neoagent.io/llms.txt > Use this file to discover all available pages before exploring further. # Rotate an API key > Mints a replacement key and sunsets the old one after a 24h overlap so callers can roll over without downtime. Takes no request body. The new plaintext secret is returned once, in `data.key`. Admin dashboard JWT only. ## OpenAPI ````yaml https://api.neoagent.io/public-api/openapi.json post /public-api/api-keys/{key_id}/rotate openapi: 3.1.0 info: description: >- Neo's public contract for the dashboard ChatAgent, partner integrations, and MSP automation. Every response is wrapped in a `{data, meta}` envelope; errors use `{error: {code, message, details?}, meta: {request_id}}`. Authenticate with a `Bearer neo_sk__` API key (service account) or a Microsoft Entra ID JWT (dashboard user). Signed-URL endpoints (end-user feedback links) take a `signature` query parameter instead. title: Neo Public API version: 1.0.0 servers: - url: https://api.neoagent.io security: [] tags: - description: Service metadata — health, OpenAPI. name: Meta - description: Agents and workflows — read, version history, delete, stats. name: Agents - description: Agent/workflow execution history, sub-resources, retry/cancel. name: Executions - description: PSA webhook events and their workflow-match results. name: Callbacks - description: Technician-in-the-loop approval requests. name: TIL requests - description: RMM script executions triggered by agents. name: RMM scripts - description: Dispatch-agent field-update decisions. name: Dispatch - description: The authenticated tenant. name: Tenant - description: Agent-builder schema catalogs (raw JSON payloads). name: Schemas - description: Escalate to the Neo team (HubSpot ticket). name: Escalation - description: Tenant settings. name: Settings - description: Tenant API-key management (dashboard JWT only). name: API keys - description: End-user feedback links (signed-URL auth). name: Feedback - description: End-client companies (CRUD + bulk-update). name: End companies - description: Channels — bind a CONVERSATIONAL agent to a transport (Teams). name: Channels - description: PSA/RMM/M365 integration status and connection management. name: Integrations - description: Technician roster (controls TIL routing and paging). name: Technicians - description: Future runs queued for TRIGGERED agents. name: Scheduled work - description: Subscription state and customer-facing credit usage (no provider $). name: Billing - description: Inbox messages and announcements. name: Inbox & Comms - description: Tenant-authored agent skills (CRUD) and the built-in skill catalog. name: Skills paths: /public-api/api-keys/{key_id}/rotate: post: tags: - API keys summary: Rotate an API key description: >- Mints a replacement key and sunsets the old one after a 24h overlap so callers can roll over without downtime. Takes no request body. The new plaintext secret is returned once, in `data.key`. Admin dashboard JWT only. operationId: public_api.api_keys_rotate_post parameters: - in: path name: key_id required: true schema: type: string responses: '201': content: application/json: schema: properties: data: $ref: '#/components/schemas/ApiKeyCreateResponse' meta: $ref: '#/components/schemas/SuccessMeta' required: - data - meta type: object description: Success. '400': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Bad request — malformed input. '401': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Unauthenticated — missing or invalid credentials. '403': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Forbidden — authenticated but not allowed. '404': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Not found. '409': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Conflict — the resource is in a state that blocks this operation. '422': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Request validation failed. '429': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Rate limited — see Retry-After. '500': content: application/json: schema: $ref: '#/components/schemas/ErrorEnvelope' description: Internal server error. security: - bearerAuth: [] components: schemas: ApiKeyCreateResponse: properties: created_at: format: date-time title: Created At type: string expires_at: anyOf: - format: date-time type: string - type: 'null' title: Expires At id: title: Id type: string key: title: Key type: string name: title: Name type: string required: - id - name - key - expires_at - created_at title: ApiKeyCreateResponse type: object SuccessMeta: properties: pagination: $ref: '#/components/schemas/Pagination' request_id: format: uuid type: string timings_ms: additionalProperties: type: number type: object warnings: description: >- Non-fatal warnings about the created/updated resource (e.g. an unhealthy PSA callback). items: type: string type: array required: - request_id - timings_ms type: object ErrorEnvelope: properties: error: properties: code: description: Stable machine-readable error code. type: string details: additionalProperties: true type: object message: type: string required: - code - message type: object meta: properties: request_id: format: uuid type: - string - 'null' type: object required: - error - meta type: object Pagination: properties: has_more: type: boolean next_cursor: type: - string - 'null' required: - next_cursor - has_more type: object securitySchemes: bearerAuth: description: >- `Authorization: Bearer ` where `` is either a `neo_sk__` API key (service account) or a Microsoft Entra ID access token (dashboard user). scheme: bearer type: http ````