Thrive AI Health
Api reference

Revoke a tenant key

Subsequent requests using the raw secret receive `401 unauthorized`. Revoking the key used to authenticate the current request returns `409 cannot_revoke_self` — mint a replacement and authenticate with it first, or use `POST /v1/auth/tenant-key/rotate` for grace-period rotation.

DELETE
/v1/admin/org/tenant-keys/{key_id}

Path Parameters

key_id*Key Id

Header Parameters

org-id?string|null
x-user-id?string|null
x-request-id?string|null
traceparent?string|null
Idempotency-Key?|null

Response Body

application/json

curl -X DELETE "https://loading/v1/admin/org/tenant-keys/string"
Empty
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Mint a new taih-tenant-key for the caller's org

The raw `secret` is returned **exactly once** in this response — store it immediately. Subsequent `GET` reads return metadata only. For zero-downtime rotation of a single active key, prefer `POST /v1/auth/tenant-key/rotate` (Identity service); these CRUD endpoints support multi-key topologies (e.g. one key per backend service).

Retrieve the configured queue (metadata only)

Returns the queue config minus any write-only secrets (SAS tokens). `404 queue_not_configured` if the named stream has no queue registered — events for unconfigured streams are buffered until a queue is registered.