# Rotate access token

> Generates a new raw token for an existing access token and invalidates the previous raw token immediately. The token `id`, `name`, `description`, `permission`, `will_expire`, and `expired_at` values are preserved.

Requires `auth_enabled=true` and an admin access token or admin JWT. Expired tokens cannot be rotated.




## OpenAPI

````yaml post /auth/access_token/{token_id}/rotate
openapi: 3.0.3
info:
  title: Actian VectorAI DB - Authentication API
  description: Access token and admin user management for VectorAI DB.
  version: 1.0.0
  contact:
    name: Actian Corporation
    url: https://www.actian.com
servers:
  - url: http://localhost:6573
    description: Local development server (REST API)
  - url: https://api.vectorai.actian.com
    description: Production server
security:
  - bearerAuth: []
tags:
  - name: Access Tokens
    description: Create, list, rotate, and delete access tokens.
  - name: Admin User
    description: Create and manage the admin user, login, and authentication settings.
paths:
  /auth/access_token/{token_id}/rotate:
    post:
      tags:
        - Access Tokens
      summary: Rotate access token
      description: >
        Generates a new raw token for an existing access token and invalidates
        the previous raw token immediately. The token `id`, `name`,
        `description`, `permission`, `will_expire`, and `expired_at` values are
        preserved.


        Requires `auth_enabled=true` and an admin access token or admin JWT.
        Expired tokens cannot be rotated.
      operationId: rotate_access_token
      parameters:
        - name: token_id
          in: path
          required: true
          schema:
            type: integer
          description: The unique identifier of the access token to rotate.
        - name: Authorization
          in: header
          required: true
          schema:
            type: string
          description: >-
            Admin JWT or admin access token. Format `Bearer
            <admin-jwt-or-access-token>`.
      responses:
        '200':
          description: Token rotated successfully. Returns the new raw token.
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: integer
                    description: Unique identifier for the access token.
                  name:
                    type: string
                    description: Human-readable name for the token.
                  description:
                    type: string
                    description: Description of the token's intended use.
                  token:
                    type: string
                    description: >-
                      The new raw access token value. Store this securely, as it
                      cannot be retrieved after rotation.
                  created_at:
                    type: string
                    format: date-time
                    description: Original creation timestamp, in RFC 3339 UTC format.
                  expired_at:
                    type: string
                    format: date-time
                    nullable: true
                    description: >-
                      Expiration timestamp. `null` when `will_expire` is
                      `false`.
                  will_expire:
                    type: boolean
                    description: Whether the token has an expiration date.
                  permission:
                    type: string
                    description: Comma-separated permission names assigned to the token.
              examples:
                success:
                  value:
                    id: 12
                    name: reader-admin-token
                    description: >-
                      Used by the analytics dashboard to run read-only admin
                      checks.
                    token: vdai_<newly-generated-token>
                    created_at: '2026-04-02T08:30:00Z'
                    expired_at: '2026-04-03T08:30:00Z'
                    will_expire: true
                    permission: read,admin
        '400':
          description: Token is expired and cannot be rotated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                expired:
                  value:
                    status: error
                    message: Cannot rotate an expired access token
        '403':
          description: Authentication is not enabled on the server.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-codeSamples:
        - lang: cURL
          label: Rotate access token
          source: |
            curl -X POST http://localhost:6575/auth/access_token/12/rotate \
              -H "Accept: application/json" \
              -H 'Authorization: Bearer <admin-jwt-or-access-token>'
components:
  schemas:
    ErrorResponse:
      type: object
      properties:
        status:
          type: string
          description: Error status indicator.
        message:
          type: string
          description: Human-readable error description.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Admin JWT obtained from the login endpoint.

````
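A client-side rotation routine for this endpoint, added here as an example and not Actian's own code. It checks that the fields the endpoint promises to preserve really are unchanged, and writes the new raw token to an owner-only file instead of printing it. The names `check_rotation`, `store_secret`, `rotate`, `RotationError`, `before` (the token metadata the caller recorded earlier) and `secret_path` are assumptions of this example.

```python
import json, os, tempfile, urllib.error, urllib.request

# Fields the endpoint says survive rotation unchanged.
PRESERVED = ("id", "name", "description", "permission", "will_expire", "expired_at")

class RotationError(Exception):
    pass

def check_rotation(status, body, before):
    """Return the new raw token, or raise if the response is not a clean rotation."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        data = {}
    if status != 200:  # 400 = expired token, 403 = auth not enabled on the server
        raise RotationError(f"HTTP {status}: {data.get('message', 'no error message')}")
    changed = [k for k in PRESERVED if data.get(k) != before.get(k)]
    if changed:
        raise RotationError(f"metadata changed across rotation: {changed}")
    if not data.get("token"):
        raise RotationError("200 response without a raw token")
    return data["token"]

def store_secret(path, secret):
    """Atomically replace `path`; mkstemp creates the file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(secret)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def rotate(base_url, token_id, admin_bearer, before, secret_path):
    """POST the rotation and persist the new token without ever printing it."""
    req = urllib.request.Request(
        f"{base_url}/auth/access_token/{int(token_id)}/rotate", method="POST",
        headers={"Accept": "application/json",
                 "Authorization": f"Bearer {admin_bearer}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read()
    # The old raw token is already dead here and the new one cannot be fetched
    # again, so a failed write means rotating once more, not retrying a read.
    store_secret(secret_path, check_rotation(status, body, before))
    return secret_path
```
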