Use these steps to invalidate the API keys that belong to API-Only users.

1. Navigate to Settings > Advanced Tools > User Access Rights.
2. Click the API Key Setup tab.
3. In the left pane, click the API Users tab (below the main tab bar).
4. Expand the API-Only Role user list in the left pane to display the names of API-Only users.
5. Select the user name that has the API key(s) that you want to invalidate.
6. Select the All tab under the API Key Setup tab in the right pane to display all of the API keys for that user.
7. Do one of the following:
   • To invalidate only one API key for the selected user, select that API key in the list of keys in the grid and click the Invalidate API Key icon in the grid toolbar.
   • To invalidate all API keys for the selected user, click the Invalidate All API Keys icon in the grid toolbar.
   The Invalidate API Key dialog box or the Invalidate All API Keys dialog box asks you to confirm the invalidation and provides a Note field where you can enter additional information.
8. Enter information in the Note field (optional) and click Yes.
   The status of the API key(s) changes to Invalidated.