Publicly revoke leaked Composio API keys

Public endpoint for reporting and revoking Composio API keys that have been leaked (e.g. via the GitHub Secret Scanning Partner Program, third-party scanners, or self-reported leaks). Accepts project (ak_), user (uak_), and org (oak_*) keys in a single batch. Matched keys are revoked or soft-deleted. The response shape is constant regardless of whether any submitted key matched, so callers cannot use this endpoint to probe key existence. IP-rate-limited via the shared ipRateLimitMiddleware (same Redis-backed pattern used by the public install endpoint): per-IP and global tiers, fail-closed on Redis errors, returns 429 on hit.

Authorization

no_auth

Request Body

application/json

api_keysarray of stringRequired

Composio API keys to revoke. Accepts project (ak_), user (uak_), and org (oak_*) keys. Each batch is capped at 100 entries.

Response Body

`application/json`

curl -X POST "https://backend.composio.dev/api/v3.1/api_key_revocation" \
  -H "Content-Type: application/json" \
  -d '{
    "api_keys": [
      "string"
    ]
  }'

curl -X POST "https://backend.composio.dev/api/v3.1/api_key_revocation" \  -H "Content-Type: application/json" \  -d '{    "api_keys": [      "string"    ]  }'

{
  "received": true
}

{
  "error": {
    "message": "string",
    "code": 0,
    "slug": "string",
    "status": 0,
    "request_id": "string",
    "suggested_fix": "string",
    "errors": [
      "string"
    ]
  }
}

{
  "error": {
    "message": "string",
    "code": 0,
    "slug": "string",
    "status": 0,
    "request_id": "string",
    "suggested_fix": "string",
    "errors": [
      "string"
    ]
  }
}

Edit this page on GitHub

Publicly revoke leaked Composio API keysv3.1

Authorization

Request Body

Response Body

200application/json

400application/json

429application/json

`application/json`

`application/json`

`application/json`