> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Rotate API credentials for a site > Generates new API credentials for the specified site. The old credentials will be invalidated and replaced on the device. ## OpenAPI ````yaml /api/en/control-plane.yaml post /control-plane/{siteId}/credentials openapi: 3.0.3 info: title: Altostrat Control Plane API version: 1.0.0 description: >- The Altostrat Control Plane API is the microservice responsible for managing the configuration, security policies, and on-demand access for individual MikroTik network sites. It serves as the central orchestration layer within the Altostrat SDX platform, translating high-level user configurations into actionable commands and secure access rules for managed network devices. This API allows you to programmatically manage: - **Policies:** Centralized firewall and service management rules that define how sites behave and what traffic is permitted. - **Transient Access:** Secure, time-limited SSH and Winbox connections to your devices for remote diagnostics and maintenance, without exposing them permanently to the internet. - **API Credentials:** The unique credentials used by the Altostrat platform to securely communicate with and manage each of your network sites. Developers use this API to automate network security configurations, manage device access policies, and create temporary, secure connections for remote operations. servers: - url: https://v1.api.altostrat.io description: Production API Server security: - bearerAuth: [] tags: - name: Policies description: Manage firewall and service access policies for sites. - name: Transient Access description: Create and manage temporary, secure administrative access to sites. - name: Transient Port Forwarding description: >- Create and manage temporary, secure port forwards to devices behind a site. - name: Site Operations description: Perform actions and manage configurations for specific sites. - name: Site Notes description: Read and update the note attached to a managed site. paths: /control-plane/{siteId}/credentials: parameters: - $ref: '#/components/parameters/SiteId' post: tags: - Site Operations summary: Rotate API credentials for a site description: >- Generates new API credentials for the specified site. The old credentials will be invalidated and replaced on the device. responses: '200': description: The new API credential object. content: application/json: schema: $ref: '#/components/schemas/ApiCredential' '401': description: Unauthorized. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Not Found - The specified site does not exist. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal Server Error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: parameters: SiteId: name: siteId in: path required: true description: The unique identifier for the site. schema: type: string format: uuid example: d290f1ee-6c54-4b01-90e6-d701748f0851 schemas: ApiCredential: type: object properties: id: type: string format: uuid description: The unique identifier for the credential set. example: b7a6c5d4-e3f2-1098-7654-3210abcdef98 site_id: type: string format: uuid description: The ID of the site these credentials belong to. example: d290f1ee-6c54-4b01-90e6-d701748f0851 username: type: string description: The username for API access to the device. example: altostrat-api password: type: string description: The password for API access to the device. example: Extr3m3lyS3cur3P@ssw0rdG3n3r@t3d ip_address: type: string format: ipv4 description: The private IP address of the device within the management tunnel. example: 100.64.1.23 api_port: type: integer description: The API port configured on the device, as per its policy. example: 8728 server_ip: type: string description: >- The hostname of the Altostrat management server managing the device's tunnel. example: edge-us-east-1a.ostrat.io created_at: type: string format: date-time description: The timestamp when these credentials were created. example: '2025-10-28T05:00:00Z' updated_at: type: string format: date-time description: The timestamp when these credentials were last updated. example: '2025-10-28T05:00:00Z' ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'name' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: Enter your JWT bearer token. ````