Skip to main content
POST
/
apps
/
{app_id}
/
auth
/
tokens
/
{token_id}
/
rotate
Rotate API key
curl --request POST \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens/{token_id}/rotate \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>'
{
  "formatted_token": "<string>"
}

Overview

Use this API to rotate a Rich Authentication Token (App API Key) for a specific OneSignal app. Rotating a key revokes the current token and generates a new one under the same configuration—ideal when a token is lost or compromised but you don’t want to recreate and reconfigure it from scratch.
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Using your Organization API key (available in Organizations > Keys & IDs) you can rotate an app token associated with a given app. The token_id is a OneSignal-generated ID specific for the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization API key with prefix Key. See Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

token_id
string
required

The OneSignal-generated ID specific to the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Response

200

formatted_token
string

The Rich Authentication Token (REST API Key). It is shown only once and won’t be stored in OneSignal. Keep it secret and secure, as it can’t be retrieved later.