Docs WaFloW

Delete APIs and webhooks

Table Of Contents

As your integrations evolve, it is normal for some API keys or webhooks to become unnecessary.
Properly removing these access points is essential for maintaining security, order, and control.

This document explains when and how to delete them without affecting the system.

When should you delete an API Key or webhook? #

It is advisable to delete an API Key or webhook when:

  • It is no longer used in any system.
  • You have changed tools (Make, n8n, proprietary system).
  • A test integration goes into production.
  • You suspect that a password has been compromised.
  • You want to reduce the attack surface.

Removing unnecessary access points is a good security practice.

Difference between revoking and deleting #

At WaFloW.ai:

  • Revoking/deleting an API Key immediately
    invalidates all requests that use it.
  • Delete a webhook
    Stops sending events to that URL.

Both actions are immediate.

How to delete an API Key #

To delete an API Key:

  1. Log in to your WaFloW.ai account.
  2. Log in to the corresponding subaccount.
  3. Go to the API/Webhooks section.
  4. Locate the API Key you want to delete.
  5. Select Delete or Revoke.

The key stops working instantly.

How to delete a webhook #

To delete a webhook:

  1. Access the subaccount.
  2. Go to API / Webhooks.
  3. Locate the active webhook.
  4. Click Delete.
  5. Confirm the action.

From that moment on, no more events will be sent to that endpoint.

What happens after deleting an API or webhook #

  • The associated integrations will no longer receive data.
  • No more events are sent.
  • Other subaccounts or devices are not affected.
  • The main system continues to operate normally.

Deleting accesses does not break WaFloW.ai, only that specific integration.

Best practices #

  • Document each API Key and webhook.
  • Periodically review active integrations.
  • Remove unused access points.
  • Use clear names to identify them.
  • Review logs after removing critical integrations.

Common mistakes #

  • ❌ Deleting an API key in use without warning.
  • ❌ Do not update external systems after revoking a key.
  • ❌ Accumulate old webhooks without control.
  • ❌ Do not test after removal.

Summary #

Deleting APIs and webhooks allows you to:

  • Maintain security.
  • Reduce risks.
  • Sort integrations.
  • Avoid unnecessary access.

What are your feelings

Updated on 26 de January de 2026