> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dataframer.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate API key

> Programmatically rotate your API key. Authenticates using your current API key as a Bearer token (not JWT). The current key is immediately revoked and a new key is returned.

Rate limited to 5 requests per hour per IP address.

Store the returned key securely — it will not be shown again.



## OpenAPI

````yaml https://app.stainless.com/api/spec/documented/dataframer/openapi.with-code-samples.json post /api/users/api-key/rotate
openapi: 3.0.0
info:
  title: DataFramer API
  version: 0.1.0
  description: ''
  termsOfService: https://www.aimon.ai/docs/privacy-policy.pdf
  contact:
    name: DataFramer Support
    email: info@dataframer.ai
  license:
    name: Proprietary
  x-logo:
    url: https://dataframer.ai/logo.png
    altText: DataFramer AI
  x-stainless:
    package-name: aimon-dataframer
    namespace:
      - aimon
      - dataframer
servers:
  - url: https://df-api.dataframer.ai
    description: Production server
security:
  - BearerAuth: []
tags:
  - name: Seed Datasets
    description: Manage seed datasets for generation
  - name: Specs
    description: Data specifications for sample generation
  - name: Runs
    description: Generation runs and results
  - name: Evaluations
    description: Evaluate generated sample quality
  - name: Red Teaming
    description: Security testing and adversarial prompts
  - name: Spec Creation
    description: Create specs from datasets or from scratch (seedless)
  - name: Generation
    description: Synthetic data generation
  - name: API Keys
    description: API key management and rotation
  - name: Health
    description: Health check endpoints
  - name: Models
    description: Available AI models
externalDocs:
  description: Complete API Guide
  url: https://docs.dataframer.ai/dataframer
paths:
  /api/users/api-key/rotate:
    post:
      tags:
        - API Keys
      summary: Rotate API key
      description: >-
        Programmatically rotate your API key. Authenticates using your current
        API key as a Bearer token (not JWT). The current key is immediately
        revoked and a new key is returned.


        Rate limited to 5 requests per hour per IP address.


        Store the returned key securely — it will not be shown again.
      operationId: api_users_api_key_rotate
      responses:
        '200':
          description: Key rotated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APIKeyRotateResponse'
              examples:
                rotated:
                  value:
                    api_key: >-
                      a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef12345678
                    masked_key: a1b2****5678
                    expires_at: '2027-02-19T01:24:05.000000+00:00'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
              examples:
                no_company:
                  value:
                    error: User is not associated with any company
        '401':
          description: Invalid, expired, or missing API key
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
              examples:
                missing_header:
                  value:
                    error: Authorization header with Bearer token is required
                empty_key:
                  value:
                    error: API key is required
                invalid_key:
                  value:
                    error: Invalid or expired API key
        '429':
          description: Rate limit exceeded (5 requests per hour per IP)
          content:
            application/json:
              schema:
                type: object
                properties:
                  detail:
                    type: string
                    example: Request was throttled. Expected available in 3600 seconds.
      security:
        - BearerAuth: []
      x-codeSamples:
        - lang: JavaScript
          source: |-
            import Dataframer from 'dataframer';

            const client = new Dataframer({
              apiKey: process.env['DATAFRAMER_API_KEY'], // This is the default and can be omitted
            });

            const response = await client.apiKeys.rotate();

            console.log(response.api_key);
        - lang: Python
          source: |-
            import os
            from dataframer import Dataframer

            client = Dataframer(
                api_key=os.environ.get("DATAFRAMER_API_KEY"),  # This is the default and can be omitted
            )
            response = client.api_keys.rotate()
            print(response.api_key)
components:
  schemas:
    APIKeyRotateResponse:
      type: object
      description: Response from a successful API key rotation
      properties:
        api_key:
          type: string
          description: The new API key. Store securely — it will not be shown again.
        masked_key:
          type: string
          description: >-
            Masked version of the key showing first 4 and last 4 characters
            (e.g. a1b2****5678)
        expires_at:
          type: string
          format: date-time
          description: Expiration timestamp of the new API key
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: API Key
      description: 'API Key authentication. Format: "Bearer YOUR_API_KEY"'

````