Disabling a key makes it invalid for verification without permanently deleting it. The key can be re-enabled at any time, restoring full access.
When to use this
Payment issues
Customer’s payment failed — disable their key until billing is resolved.
Suspicious activity
Investigate potential abuse without losing the key’s configuration.
Scheduled maintenance
Temporarily block access during system updates.
Account suspension
Suspend a user’s API access while keeping their key for potential reactivation.
Disable a key
curl -X POST https://api.unkey.com/v2/keys.updateKey \
-H "Authorization: Bearer $UNKEY_ROOT_KEY" \
-H "Content-Type: application/json" \
-d '{
"keyId": "key_...",
"enabled": false
}'
Verification response
When a disabled key is verified, it returns valid: false with code DISABLED:
{
"meta": { "requestId": "req_..." },
"data": {
"valid": false,
"code": "DISABLED",
"keyId": "key_...",
"enabled": false
}
}
Re-enable a key
curl -X POST https://api.unkey.com/v2/keys.updateKey \
-H "Authorization: Bearer $UNKEY_ROOT_KEY" \
-H "Content-Type: application/json" \
-d '{
"keyId": "key_...",
"enabled": true
}'
Disabled vs Deleted
| Action | Disabled | Deleted |
|---|
| Key verifies? | ❌ No (code: DISABLED) | ❌ No (code: NOT_FOUND) |
| Can be restored? | ✅ Yes | ❌ No |
| Keeps configuration? | ✅ Yes | ❌ No |
| Keeps analytics? | ✅ Yes | ⚠️ Limited |
Use disabling for temporary blocks. Only delete keys when you’re sure the user won’t need them again.
