Revoke or delete an enrollment API key

DELETE /api/fleet/enrollment_api_keys/{keyId}

Spaces method and path for this operation:

delete /s/{space_id}/api/fleet/enrollment_api_keys/{keyId}

Refer to Spaces for more information.

Revoke or delete an enrollment API key by ID. Use forceDelete=true to remove the document.

[Required authorization] Route required privileges: fleet-agents-all.

Headers

kbn-xsrf string Required

A required header to protect against CSRF attacks

Path parameters

keyId string Required

The ID of the enrollment API key

Query parameters

forceDelete boolean

When false (default), invalidate the API key and mark the token as inactive. When true, also delete the token document.

Default value is false.
includeHidden boolean

When true, allow deletion of hidden enrollment tokens (managed/agentless policies). Defaults to false.

Default value is false.

Responses

200 application/json

Successful response
Hide response attribute Show response attribute object
- action string Required
  
  Value is deleted.
400 application/json

Bad Request
Hide response attributes Show response attributes object
- attributes Required
- error string
- errorType string
- message string Required
- statusCode number
404 application/json

Not Found

DELETE /api/fleet/enrollment_api_keys/{keyId}

curl \
 --request DELETE 'https://localhost:5601/api/fleet/enrollment_api_keys/{keyId}' \
 --header "Authorization: $API_KEY" \
 --header "kbn-xsrf: true"

Response examples (200)

The enrollment API key was successfully revoked

{
  "action": "deleted"
}

Response examples (400)

Example of a generic error response

{
  "error": "Bad Request",
  "message": "An error message describing what went wrong",
  "statusCode": 400
}

Response examples (404)

No enrollment API key was found with the given ID

{
  "error": "Not Found",
  "message": "EnrollmentAPIKey key-id-1 not found",
  "statusCode": 404
}