This topic explains how to use the UI and APIs to revoke or approve API keys for products in
developer apps and for developer apps.
Using the UI to revoke the
key for a specific API product in a developer app
You can revoke the key associated with a specific API product through the UI. The
effect is that the API resources defined in that API product will no longer be accessible unless
the key is re-approved.
Select the app that contains the key you wish to revoke.
Click the Edit icon
.
In the Credentials section, select Revoke in the Status drop-down menu.
Using the UI to approve
the key for a specific API product in a developer app
You can approve a previously revoked consumer key for an API product in a developer app
through the Apigee UI. The client app will once again be able to access the APIs in that
product.
From the list of apps, select the one that contains the key you wish to approve.
Click the Edit icon .
In the Credentials section, select Approve in the Status drop-down menu.
Revoking and approving keys for API
products with the Apigee API
Apigee provides APIs that let you manage API key status, depending on your use case. In the
developer app JSON below, the location of each approve/revoke flag is indicated for each of these
three cases:
(1) Shows key status for a specific API product in a developer app. This API does
exactly what the UI operations described previously in this topic do. See the API for
approving or revoking an app's consumer key..
(2) Shows key status for a developer app key. Revoking the key renders it
unusable for the app to use it to access an API. Any access tokens associated with a
revoked app key will remain active, but Apigee checks the status of the app key first. If
the status is set to "revoked," Apigee will not allow the call go through. See the API for
approving or revoking an API key for a developer app.
(3) Shows the key status for all keys associated with a developer app. A revoked app cannot
access any API products and cannot invoke any API managed by Apigee. See the API for
approving or revoking all keys for a developer app.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[[["\u003cp\u003eThis page explains how to revoke or approve API keys for products in developer apps and for entire developer apps, within Apigee and Apigee hybrid.\u003c/p\u003e\n"],["\u003cp\u003eYou can revoke access to specific API resources defined within an API product by revoking the associated key through the Apigee UI or via API calls.\u003c/p\u003e\n"],["\u003cp\u003eThe Apigee UI allows you to approve or revoke a key associated with a specific API product, found within a given developer app, reinstating access to the defined APIs.\u003c/p\u003e\n"],["\u003cp\u003eApigee provides REST APIs to manage API key statuses, allowing you to revoke or approve keys at the API product level, the developer app key level, or for all keys associated with an entire developer app.\u003c/p\u003e\n"],["\u003cp\u003eYou can check the status of a revoked API product or developer app by using the "Get Developer App Details" API, which will return a JSON that contains the current status of the target entity.\u003c/p\u003e\n"]]],[],null,["# Revoking and approving developer app keys\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nThis topic explains how to use the UI and APIs to revoke or approve API keys for products in\ndeveloper apps and for developer apps.\n| **Note:** If you need to revoke an access token, you can do that directly by calling a properly configured OAuthV2 endpoint. For details, see [Approving and\n| revoking access tokens](/apigee/docs/api-platform/security/oauth/validating-and-invalidating-access-tokens).\n\nUsing the UI to revoke the\nkey for a specific API product in a developer app\n----------------------------------------------------------------------------\n\nYou can revoke the key associated with a specific API product through the UI. The\neffect is that the API resources defined in that API product will no longer be accessible unless\nthe key is re-approved.\n\n\nTo revoke the key using the Apigee UI:\n\n1. Open the [Apigee UI](https://apigee.google.com).\n2. Select **Publish \\\u003e Apps** in the left navigation bar.\n3. Select the app that contains the key you wish to revoke.\n4. Click the Edit icon .\n5. In the Credentials section, select **Revoke** in the Status drop-down menu.\n\n| **Tip:** You can use the [Get\n| Developer App Details](/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers.apps/get) API to get the JSON representation of a developer app to discover the approval status of products in that app. In the following JSON representation of a developer app, you can see where the API Product called \"Weather-Product\" has been revoked: \n|\n| ```transact-sql\n| {\n| \"accessType\": \"\",\n| \"appFamily\": \"default\",\n| \"appId\": \"6ed3a4d1-4733-439a-80a4-0d71149ec9ad\",\n| \"attributes\": [\n| {\n| \"name\": \"DisplayName\",\n| \"value\": \"AnotherTestApp\"\n| },\n| {\n| \"name\": \"Notes\",\n| \"value\": \"\"\n| }\n| ],\n| \"callbackUrl\": \"\",\n| \"createdAt\": 1415728893126,\n| \"createdBy\": \"wwitman@apigee.com\",\n| \"credentials\": [\n| {\n| \"apiProducts\": [\n| {\n| \"apiproduct\": \"Weather-Product\",\n| \"status\": \"revoked\"\n| }\n| ],\n| \"attributes\": [],\n| \"consumerKey\": \"giIC9Au6XP82wJ1oxZuQU4L75OdNKLhb\",\n| \"consumerSecret\": \"SXg8JizqeTA8j3gX\",\n| \"expiresAt\": -1,\n| \"issuedAt\": 1415728893154,\n| \"scopes\": [],\n| \"status\": \"approved\"\n| }\n| ],\n| \"developerId\": \"Z2S37rxX2Suzkwtg\",\n| \"lastModifiedAt\": 1420682967414,\n| \"lastModifiedBy\": \"wwitman@apigee.com\",\n| \"name\": \"AnotherTestApp\",\n| \"scopes\": [],\n| \"status\": \"approved\"\n| }\n| ```\n\nUsing the UI to approve\nthe key for a specific API product in a developer app\n-----------------------------------------------------------------------------\n\nYou can approve a previously revoked consumer key for an API product in a developer app\nthrough the Apigee UI. The client app will once again be able to access the APIs in that\nproduct.\n\n**To approve an API product key:**\n\n1. Open the [Apigee UI](https://apigee.google.com).\n2. From the main menu, select **Publish \\\u003e Apps**.\n3. From the list of apps, select the one that contains the key you wish to approve.\n4. Click the Edit icon .\n5. In the Credentials section, select **Approve** in the Status drop-down menu.\n\nRevoking and approving keys for API\nproducts with the Apigee API\n----------------------------------------------------------------\n\nApigee provides APIs that let you manage API key status, depending on your use case. In the\ndeveloper app JSON below, the location of each approve/revoke flag is indicated for each of these\nthree cases:\n\n- (1) Shows key status for a specific API product in a developer app. This API does exactly what the UI operations described previously in this topic do. See the API for [approving or revoking an app's consumer key.](/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers.apps.keys.apiproducts/updateDeveloperAppKeyApiProduct).\n- (2) Shows key status for a developer app key. Revoking the key renders it unusable for the app to use it to access an API. Any access tokens associated with a revoked app key will remain active, but Apigee checks the status of the app key first. If the status is set to \"revoked,\" Apigee will not allow the call go through. See the API for [approving or revoking an API key for a developer app](/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers.apps.keys/updateDeveloperAppKey).\n- (3) Shows the key status for all keys associated with a developer app. A revoked app cannot access any API products and cannot invoke any API managed by Apigee. See the API for [approving or revoking all keys for a developer app](/apigee/docs/reference/apis/apigee/rest/v1/organizations.developers.apps/generateKeyPairOrUpdateDeveloperAppStatus).\n\n```transact-sql\n{\n \"accessType\": \"\",\n \"appFamily\": \"default\",\n \"appId\": \"6ed3a4d1-4733-439a-80a4-0d71149ec9ad\",\n \"attributes\": [\n {\n \"name\": \"DisplayName\",\n \"value\": \"AnotherTestApp\"\n },\n {\n \"name\": \"Notes\",\n \"value\": \"\"\n }\n ],\n \"callbackUrl\": \"\",\n \"createdAt\": 1415728893126,\n \"createdBy\": \"wwitman@apigee.com\",\n \"credentials\": [\n {\n \"apiProducts\": [\n {\n \"apiproduct\": \"Weather-Product\",\n \"status\": \"revoked\" // (1)\n }\n ],\n \"attributes\": [],\n \"consumerKey\": \"giIC9Au6XP82wJ1oxZuQU4L75OdNKLhb\",\n \"consumerSecret\": \"SXg8JizqeTA8j3gX\",\n \"expiresAt\": -1,\n \"issuedAt\": 1415728893154,\n \"scopes\": [],\n \"status\": \"approved\" // (2) \n }\n ],\n \"developerId\": \"Z2S37rxX2Suzkwtg\",\n \"lastModifiedAt\": 1420682967414,\n \"lastModifiedBy\": \"wwitman@apigee.com\",\n \"name\": \"AnotherTestApp\",\n \"scopes\": [],\n \"status\": \"approved\" // (3)\n}\n```"]]
.