> ## Documentation Index > Fetch the complete documentation index at: https://docs.whitebit.com/llms.txt > Use this file to discover all available pages before exploring further. # Delete OAuth API key > Delete a partner-issued OAuth API key owned by the authenticated OAuth2 client. ## Authentication OAuth 2.0 Bearer token. Required scope: `apikeys.delete`. See [Authentication](/api-reference/authentication). The endpoint is available on `https://whitebit.com` only. ## Cache No caching. ## Notes The endpoint deletes only OAuth-issued API keys owned by the authenticated OAuth2 client. Keys belonging to other OAuth2 clients return `403`. Manually-created API keys are not deletable through this endpoint. Disabled keys (post-inactivity, awaiting user-side deletion) require user-initiated deletion from the WhiteBIT dashboard. Partner-initiated deletion through the endpoint triggers an email to the user. User-initiated dashboard deletion does not send an email. * Obtain the `externalId` path parameter from [Check OAuth API key existence](/api-reference/oauth/usage/api-key-info). * Automatic deletion triggers (14-day inactivity, account password change, account block, account freeze) also send an email to the user. ## OpenAPI ````yaml /openapi/oauth2.yaml DELETE /oauth2/api-key/{externalId} openapi: 3.0.3 info: title: OAuth 2.0 API Reference description: WhiteBIT OAuth 2.0 API for authentication and account management version: 1.0.0 servers: - url: https://whitebit.com description: WhiteBIT Global Server - url: https://whitebit.eu description: WhiteBIT EU Server security: [] tags: - name: Authentication description: > OAuth 2.0 authentication endpoints for obtaining and refreshing access tokens. Available Scopes (requested during client setup): - general: General API access - show.userinfo: Access to basic user information - users.read: Read user data - users.email.read: Read user email information - users.kyc.read: Information about whether a user has passed KYC verification - orders.read: Read trading orders - orders.create: Create trading orders - orders.delete: Delete trading orders - balances.read: Read account balances - markets.read: Read market information - deals.read: Read trading deals - orders_history.read: Read order history - users.transactions.read: Read user transactions - users.converts.read: Read currency conversion history - users.balances.read: Read user account balances - users.orders.read: Read user orders - users.deals.read: Read user deals - apikeys.create: Issue an OAuth-bound API key during the consent flow - apikeys.read: Read OAuth-issued API key state and retrieve its secret once - apikeys.delete: Delete an OAuth-issued API key linked to the partner - name: Account Endpoints description: >- Endpoints for retrieving account information, balances, and transaction history - name: OAuth API Keys description: > Partner-facing endpoints for managing API keys created via the OAuth API key flow. Available on the global server (`https://whitebit.com`) only. The EU server (`https://whitebit.eu`) does not expose these endpoints in this release. Required scopes: - `apikeys.read` for `GET /oauth2/api-key/info` and `GET /oauth2/api-key/{externalId}/secret` - `apikeys.delete` for `DELETE /oauth2/api-key/{externalId}` paths: /oauth2/api-key/{externalId}: delete: tags: - OAuth API Keys summary: Delete OAuth API key description: > The endpoint deletes a partner-issued API key owned by the authenticated OAuth2 client. The deletion triggers an email notification to the user. The endpoint applies to active keys — disabled keys must be removed by the user from the WhiteBIT dashboard. **Required scope:** `apikeys.delete`. **Region availability:** The endpoint is available on the global server (`https://whitebit.com`) only. parameters: - name: externalId in: path required: true description: External UUID of the API key. schema: type: string format: uuid example: 550e8400-e29b-41d4-a716-446655440000 responses: '200': description: Successful deletion. content: application/json: schema: type: object properties: data: type: array items: {} example: [] '401': description: >- Missing or invalid Bearer token, or token does not carry the `apikeys.delete` scope. content: application/json: schema: type: object properties: data: type: object properties: message: type: array items: type: string example: - Unauthorized. '403': description: The key does not belong to the authenticated OAuth2 client. content: application/json: schema: type: object properties: data: type: object properties: message: type: array items: type: string example: - Forbidden. '404': description: Key not found. content: application/json: schema: type: object properties: data: type: object properties: message: type: array items: type: string example: - Key not found. security: - BearerAuth: [] servers: - url: https://whitebit.com description: WhiteBIT Global Server components: securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT description: > OAuth 2.0 Bearer Token authentication. Include the access token in the Authorization header. Example: `Authorization: Bearer YOUR_ACCESS_TOKEN` ````