Skip to main content
curl --request POST \
  --url https://api.usedatabrain.com/api/v2/service-token/rotate \
  --header 'Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{"token":"550e8400-e29b-41d4-a716-446655440000","expireAt":3600}'

{
  "key": "7c9e6679-7425-40de-944b-e07fc1f90ae7"
}
POST
https://api.usedatabrain.com
/
api
/
v2
/
service-token
/
rotate
curl --request POST \
  --url https://api.usedatabrain.com/api/v2/service-token/rotate \
  --header 'Authorization: Bearer YOUR_ADMIN_ACCESS_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{"token":"550e8400-e29b-41d4-a716-446655440000","expireAt":3600}'

{
  "key": "7c9e6679-7425-40de-944b-e07fc1f90ae7"
}
Rotate the organization service token. The current token is set to expire after a grace period (in seconds), and a new service token is returned. Use this for key rotation and security best practices.
Self-Hosted Only: This endpoint is available only on self-hosted Databrain instances.
Authentication Requirement: This endpoint requires an authenticated admin user (Bearer token) and a subscribed account.

Authentication

Use a valid admin session token in the Authorization header (e.g. from Create Admin JWT).

Headers

Authorization
string
required
Bearer token for an authenticated admin user.
Authorization: Bearer <access_token>
Content-Type
string
required
Must be application/json when sending a JSON body.
Content-Type: application/json

Request Body

token
string
required
The current service token (UUID) to rotate. This token will be expired according to expireAt. Must be a valid UUID.
expireAt
number
required
Duration in seconds until the current token expires. The old token remains valid until this many seconds from the request, then it is invalidated. Use 0 to expire immediately. Common values: 0 (immediate), 3600 (1 hour), 86400 (24 hours). Allows a grace period to update clients before the old token stops working.

Response

On success, the API returns 200 with a JSON object:
key
string
The new service token (UUID). Use this for all future service-level API calls. Store it securely; the previous token will expire per expireAt.
On error, the API returns a JSON object with error.code and error.message and an appropriate HTTP status (400 or 500).

Examples

HTTP Status Code Summary

Status CodeDescription
200OK – New service token returned in key
400Bad Request – Invalid token, missing parameters, or token already expired
500Internal Server Error – Server error or self-hosted-only error

Possible Errors

CodeMessageHTTP Status
INVALID_REQUEST_BODYJoi validation message (e.g. "token" is required, "expireAt" is required, invalid UUID)400
AUTHENTICATION_ERRORInvalid Service Token400
EXPIRED_SERVICE_TOKENService token is already expired400
INVALID_SERVICE_TOKENInvalid service token400
SELFHOSTED_APP_ERRORThis feature is only available for self-hosted instances500
INTERNAL_SERVER_ERRORInternal server error or GraphQL error message500