Self-Hosted APIs
Rotate Service Token
Rotate your service token. Expires the current token after an optional grace period and returns a new token.
POST
Rotate your organization service token. The current token is set to expire after a grace period (in seconds), and a new service token is returned. Use this for key rotation and security best practices.
On error, the API returns a JSON object with
The service token used in the
Authorization header is the token being rotated. You only need to provide expireAt in the request body — no token field required.Authentication
Use your current service token in theAuthorization header. The token provided here is the one that will be expired and replaced.
To access your service token:
- In Settings page, navigate to the Service Tokens section.
- Click the “Generate Token” button to create a new service token if you don’t have one already.
Headers
Bearer token for API authentication. Use the service token you want to rotate.
Must be
application/json when sending a JSON body.Request Body
Duration in seconds until the current token expires. The old token remains valid until this many seconds from the request, then it is invalidated. Accepts a number or a numeric string. Use
0 to expire immediately. Common values: 0 (immediate), 3600 (1 hour), 86400 (24 hours).Response
On success, the API returns 200 with a JSON object:The new service token (UUID). Use this for all future service-level API calls. Store it securely; the previous token will expire per
expireAt.error.code and error.message and an appropriate HTTP status (400, 401, or 500).
Examples
HTTP Status Code Summary
| Status Code | Description |
|---|---|
200 | OK – New service token returned in key |
400 | Bad Request – Missing parameters, invalid key format, not a service token, or token already expired |
401 | Unauthorized – Service token not found in DB or already expired |
500 | Internal Server Error – Server error |
Possible Errors
| Code | Message | HTTP Status |
|---|---|---|
INVALID_REQUEST_BODY | Joi validation message (e.g. "expireAt" is required) | 400 |
AUTHENTICATION_ERROR | "API Key is not provided or Invalid!" – missing/invalid UUID format (400); "API Key is invalid or expired!" – not found or expired in DB (401); "Invalid Service Token" – token is a data app key, not a service token (400) | 400 / 401 |
EXPIRED_SERVICE_TOKEN | Service token is already expired | 400 |
INVALID_SERVICE_TOKEN | Invalid service token | 400 |
INTERNAL_SERVER_ERROR | Internal server error or GraphQL error message | 500 |
Related
- Create Service Token – Create or save a service token
- Rotate API Key – Rotate a data app API key
- Create Admin JWT – Get admin access token

