Remove a physical key from the user inventory
Removes the physical-key entry with the given number from the user's inventory. The next-number counter is NOT decremented — numbers are never reused after removal.
curl -X POST "https://api.spkey.co/users/example_string/RemovePhysicalKey" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT)" \
-H "X-API-Key: YOUR_API_KEY" \
-d '{
"number": 42,
"_callerOrgId": "example_string"
}'
import requests
import json
url = "https://api.spkey.co/users/example_string/RemovePhysicalKey"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
data = {
"number": 42,
"_callerOrgId": "example_string"
}
response = requests.post(url, headers=headers, json=data)
print(response.json())
const response = await fetch("https://api.spkey.co/users/example_string/RemovePhysicalKey", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
},
body: JSON.stringify({
"number": 42,
"_callerOrgId": "example_string"
})
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
"bytes"
"encoding/json"
)
func main() {
data := []byte(`{
"number": 42,
"_callerOrgId": "example_string"
}`)
req, err := http.NewRequest("POST", "https://api.spkey.co/users/example_string/RemovePhysicalKey", bytes.NewBuffer(data))
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT)")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.spkey.co/users/example_string/RemovePhysicalKey')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT)'
request['X-API-Key'] = 'YOUR_API_KEY'
request.body = '{
"number": 42,
"_callerOrgId": "example_string"
}'
response = http.request(request)
puts response.body
{
"success": true,
"aggregateId": "example_string",
"version": 3.14,
"event": "null",
"number": 42
}
{
"error": "Bad Request",
"message": "The request contains invalid parameters or malformed data",
"code": 400,
"details": [
{
"field": "email",
"message": "Invalid email format"
}
]
}
{
"error": "Not Found",
"message": "The requested resource was not found",
"code": 404
}
/users/{id}/RemovePhysicalKeyTarget server for requests. Edit to use your own host.
JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API key for B2B organization access. Provided during organization onboarding.
User ID
The media type of the request body
Number of the physical key to remove
Server-set: caller org id from API-key auth. Clients MUST NOT supply this.
Request Preview
Response
Response will appear here after sending the request
Authentication
Bearer token (JWT). JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API Key for authentication. API key for B2B organization access. Provided during organization onboarding.
Path Parameters
User ID
Body
Number of the physical key to remove
Server-set: caller org id from API-key auth. Clients MUST NOT supply this.