Skip to main content
Beta. On MPP this route uses GET with query api_key. The x402 rail uses DELETE for the same operation — see Revoke (x402). Overview: Agentic payments.

Endpoint

GET https://api.mobula.io/agent/mpp/api-keys/revoke?api_key=<uuid>

Payment

Fixed fee (see openapi.json). 402 → pay → retry → 200 with deletion confirmation.

Reference script

Same layout as x402 Revoke API key, but MPP uses GET + query api_key and mppx. Prerequisites: MPPX_PRIVATE_KEY, API_KEY (key to revoke), mppx, bun, viem. Run from the monorepo root. Source: agent-api-key-revoke.ts 
/**
 * MPP agent API key revoke — pay fixed fee; soft-deletes an API key (query param api_key).
 *
 * Usage:
 *   MPPX_PRIVATE_KEY=0x<key> API_KEY=<uuid> bun run scripts/src/mpp/agent-api-key-revoke.ts
 *
 * Optional: API_URL (default: https://api.mobula.io)
 * Required: API_KEY (the api_key to revoke; must belong to this agent).
 */

import { createPublicClient, formatUnits, http } from 'viem';
import { privateKeyToAccount } from 'viem/accounts';

const API_URL = process.env.API_URL ?? 'https://api.mobula.io';
const API_KEY = process.env.API_KEY;
if (!API_KEY || API_KEY.trim() === '') {
  console.error('ERROR: Set API_KEY=<the_api_key_to_revoke>');
  process.exit(1);
}

const PATHUSD = '0x20c0000000000000000000000000000000000000' as const;
const PATHUSD_DECIMALS = 6;
const PRIVATE_KEY = process.env.MPPX_PRIVATE_KEY as `0x${string}` | undefined;
if (!PRIVATE_KEY) {
  console.error('ERROR: Set MPPX_PRIVATE_KEY=0x<your_private_key>');
  process.exit(1);
}

const payer = privateKeyToAccount(PRIVATE_KEY as `0x${string}`);

const client = createPublicClient({
  chain: {
    id: 42431,
    name: 'Tempo Testnet',
    nativeCurrency: { name: 'ETH', symbol: 'ETH', decimals: 18 },
    rpcUrls: { default: { http: ['https://rpc.moderato.tempo.xyz'] } },
  },
  transport: http(),
});

const balanceOfAbi = [
  {
    type: 'function',
    name: 'balanceOf',
    inputs: [{ name: 'account', type: 'address' }],
    outputs: [{ name: '', type: 'uint256' }],
    stateMutability: 'view',
  },
] as const;

async function getPathUsdBalance(address: `0x${string}`): Promise<bigint> {
  return client.readContract({
    address: PATHUSD,
    abi: balanceOfAbi,
    functionName: 'balanceOf',
    args: [address],
  });
}

function fmtBalance(raw: bigint): string {
  return `${formatUnits(raw, PATHUSD_DECIMALS)} PathUSD`;
}

async function getRecipientFromChallenge(url: string): Promise<`0x${string}`> {
  const res = await fetch(url);
  const wwwAuth = res.headers.get('www-authenticate') || '';
  const requestMatch = wwwAuth.match(/request="([^"]*)"/);
  if (requestMatch) {
    const decoded = JSON.parse(Buffer.from(requestMatch[1], 'base64').toString());
    return decoded.recipient;
  }
  throw new Error('Could not parse recipient from challenge');
}

function mppxRequest(endpoint: string): string {
  const { execSync } = require('child_process');
  const result = execSync(`MPPX_PRIVATE_KEY=${PRIVATE_KEY} bunx mppx "${endpoint}" -v`, {
    encoding: 'utf-8',
    cwd: process.cwd(),
    timeout: 60_000,
  });
  return result;
}

const endpointUrl = `${API_URL}/agent/mpp/api-keys/revoke?api_key=${encodeURIComponent(API_KEY)}`;
const recipient = await getRecipientFromChallenge(endpointUrl);

console.log('\n--- Addresses ---');
console.log(`  Payer:     ${payer.address}`);
console.log(`  Recipient: ${recipient}`);

console.log('\n--- Step 1: Balances BEFORE payment ---\n');
const payerBefore = await getPathUsdBalance(payer.address);
const recipientBefore = await getPathUsdBalance(recipient);
console.log(`  Payer:     ${fmtBalance(payerBefore)}`);
console.log(`  Recipient: ${fmtBalance(recipientBefore)}`);

console.log('\n--- Step 2: Revoke API key — $0.001 ---\n');
try {
  const result = mppxRequest(endpointUrl);
  console.log(result);
} catch (err: unknown) {
  const execErr = err as { stdout?: string; stderr?: string };
  console.error('mppx CLI failed:');
  if (execErr.stdout) console.log(execErr.stdout);
  if (execErr.stderr) console.error(execErr.stderr);
  process.exit(1);
}

console.log('--- Step 3: Balances AFTER payment ---\n');
const payerAfter = await getPathUsdBalance(payer.address);
const recipientAfter = await getPathUsdBalance(recipient);
console.log(`  Payer:     ${fmtBalance(payerAfter)}`);
console.log(`  Recipient: ${fmtBalance(recipientAfter)}`);

console.log('\n--- Balance changes ---\n');
console.log(
  `  Payer:     ${fmtBalance(payerBefore)}${fmtBalance(payerAfter)} (${fmtBalance(payerAfter - payerBefore)})`,
);
console.log(
  `  Recipient: ${fmtBalance(recipientBefore)}${fmtBalance(recipientAfter)} (+${fmtBalance(recipientAfter - recipientBefore)})`,
);

process.exit(0);

MPPX_PRIVATE_KEY=0x<key> API_KEY=<uuid_to_revoke> bun run agent-api-key-revoke.ts

See also