Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.orbitsearch.com/llms.txt

Use this file to discover all available pages before exploring further.

When you need to retire a key, use the Orbit developer dashboard. Revocation takes effect immediately: the key stops authenticating requests as soon as the dashboard action completes.

Revoke vs. delete

ActionBest forResult
RevokeRotation, suspected exposure, production key retirementThe key becomes inactive but remains visible as audit metadata
DeletePermanent cleanup of throwaway or test keysThe key metadata is removed from your key list
Prefer revoke for production keys. It preserves the audit trail, including the safe display_key, scopes, creation time, and last-used timestamp.

Rotation workflow

1

Issue a replacement key

Open DashboardAPI keys, generate a new key with the same required scopes, and store the raw sk_orb_... value in your secrets manager.
2

Move traffic gradually

Update one caller or environment at a time to use the replacement key.
3

Verify usage

Watch the replacement key’s last-used timestamp and usage in the dashboard until it reflects live traffic.
4

Revoke the old key

Once no callers use the old key, revoke it from the dashboard.
Do not delete a production key during rotation unless you are certain you no longer need its metadata. Revoked keys are safer for audits and incident response.

Public API behavior

Developer API keys cannot revoke, delete, or manage other keys. If a revoked or deleted key is used for search or profile reads, the API returns 403 invalid_api_key.