Rotate AceDataCloud Platform API Credential
Reissue a new Token for an existing credential—the credential ID remains unchanged, limits/expiration/IP whitelist/call history remain unchanged, only the Token plaintext is changed.
Suitable scenarios: suspicion of Token leakage, regular compliance rotation, personnel departure, etc. It is more convenient than "delete and recreate" because there is no need to change the application_id association on the business side.
⚠️ Like the create interface, the complete Token plaintext is only returned once in the response of this interface. Be sure to save it on the spot.
ℹ️ This interface belongs to the AceDataCloud Platform Management API, with a unified prefix of
https://platform.acedata.cloud/api/v1/.
¶ Interface Overview
| Item | Content |
|---|---|
| Method | POST |
| URL | https://platform.acedata.cloud/api/v1/credentials/{credential_id}/rotate/ |
| Auth | ✅ Requires account token |
| Body | None / {} |
¶ Authentication Description (How to Obtain Account Token)
Request Header:
Authorization: Bearer platform-v1-92eb****629c
For obtaining methods, see Manage AceDataCloud Platform Account Token.
¶ Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
credential_id |
UUID | ✅ | The ID of the credential to rotate |
¶ Request Example
¶ cURL
curl -X POST 'https://platform.acedata.cloud/api/v1/credentials/df3e1b1b-9e72-4c4f-9a83-1e23f7c8b4d6/rotate/' \
-H 'accept: application/json' \
-H 'authorization: Bearer platform-v1-92eb****629c'
¶ Python
import requests
cred_id = "df3e1b1b-9e72-4c4f-9a83-1e23f7c8b4d6"
resp = requests.post(
f"https://platform.acedata.cloud/api/v1/credentials/{cred_id}/rotate/",
headers={
"accept": "application/json",
"authorization": "Bearer platform-v1-92eb****629c",
},
timeout=10,
)
cred = resp.json()
print(f"✅ New Token: {cred['token']}")
print(f"Credential ID remains unchanged: {cred['id']}")
¶ Node.js
const credId = 'df3e1b1b-9e72-4c4f-9a83-1e23f7c8b4d6'
const r = await fetch(
`https://platform.acedata.cloud/api/v1/credentials/${credId}/rotate/`,
{
method: 'POST',
headers: { authorization: 'Bearer platform-v1-92eb****629c' },
}
)
const cred = await r.json()
console.log('New Token:', cred.token)
¶ Response Example (HTTP 200)
{
"id": "df3e1b1b-9e72-4c4f-9a83-1e23f7c8b4d6",
"user_id": "89518d07-5560-4b05-92c1-667f3ddf6a4b",
"application_id": "82f57141-2323-4453-8730-60f7d833a2da",
"name": "production-server-01",
"token": "ac9999999999999999999999999999ffff",
"amount": 50.0,
"used_amount": 12.34,
"remaining_amount": 37.66,
"disabled": false,
"expired_at": "2026-12-31T23:59:59Z",
"tags": ["prod"],
"metadata": null,
"client_ip_allowlist": ["203.0.113.7/32"],
"used_at": "2026-04-26T08:30:00Z",
"created_at": "2026-04-26T07:55:00Z",
"updated_at": "2026-04-26T10:12:00Z"
}
Note that the id remains unchanged, and the token has been replaced with a new value. The old Token immediately becomes invalid at the moment of rotation.
¶ Error Handling
| HTTP | Code | Meaning |
|---|---|---|
| 401 | not_authenticated |
Missing account token |
| 403 | permission_denied |
The credential does not belong to you |
| 404 | not_found |
Credential does not exist or has been deleted |
¶ Practical Tips
- Rotation is an atomic operation: The new Token is effective when the response is returned, and the old Token is already invalid. There is no transitional period where two Tokens are valid simultaneously.
- Zero-downtime rotation: Treat "the caller retries once with the new Token" as an emergency fallback—such as embedding "401 → fetch the latest Token → retry" into the business client.
- Do not rotate without the ability to immediately update the business-side Token: The old Token will become invalid immediately. If the business side cannot quickly change the Token, first use
disabled=trueto soft shut down (PATCH is not currently open, deletion can be used). - Rotation does not affect: limits (
amount), expiration time (expired_at), IP whitelist, call history, tags, metadata.
