TsgcWSAPIKeyManager › Methods › RotateKey
Issues a fresh key for the same owner and scopes and marks the old one kksRotated.
function RotateKey(const aOldKey: string; out aNewKey: string): Boolean;| Name | Type | Description |
|---|---|---|
aOldKey | const string | Raw plaintext key to rotate. Must currently resolve to an active (or already-rotated within grace) entry. |
aNewKey | out string | Receives the freshly issued plaintext key (same owner, same scopes, same remaining TTL). Returned only here — only its hash is persisted. |
True when the old key was located and the new one issued. False when the old key is unknown, already revoked, or expired. (Boolean)
Issues a fresh key for the owner and scopes of the old one, stamps the old entry with status kksRotated and stores a rotation timestamp so ValidateKey keeps accepting it for Rotation.GracePeriodSec seconds — the customer can deploy the new key without an outage. After the grace window elapses the old key is silently invalidated. Fires OnKeyRotated, appends a kaaRotated audit entry and updates Stats. Enable Rotation.Enabled to get the full grace-period behaviour; when disabled, the old key is invalidated immediately.
// Leaked key — issue replacement but keep old one alive 24h during grace
var
vNewKey: string;
begin
if sgcWSAPIKeyManager1.RotateKey(vOldKey, vNewKey) then
SendMail(vCustomer, 'Your new API key: ' + vNewKey);
end;