API keys and tokens generated using the Soracom API or CLI can now be revoked at any time using the following new APIs:

• Auth:logout
• User:revokeUserAuthTokens
• Operator:revokeOperatorAuthTokens

When generating an API key and token, you can specify a duration for which the token will remain valid. However, there was previously no way to manually revoke the token earlier than the valid duration once issued. In order to prevent an API key and token from being abused, you therefore had to specify a custom duration appropriate for your application.

With this update, an API key and token can be immediately revoked by calling the above APIs as soon as the key and token are no longer needed.

For more infomration, please refer to API Reference Guide.