@esri/arcgis-rest-developer-credentials 1.1.0 → 2.1.0

package/dist/bundled/developer-credentials.umd.js

@@ -1,7 +1,7 @@
 /* @preserve
-* @esri/arcgis-rest-developer-credentials - v1.0.1 - Apache-2.0
+* @esri/arcgis-rest-developer-credentials - v2.0.0 - Apache-2.0
 * Copyright (c) 2017-2025 Esri, Inc.
-* Thu Jan 23 2025 20:05:00 GMT+0000 (Coordinated Universal Time)
+* Wed Feb 26 2025 22:10:42 GMT+0000 (Coordinated Universal Time)
 */
 (function (global, factory) {
   typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('@esri/arcgis-rest-portal'), require('@esri/arcgis-rest-request')) :
@@ -9,38 +9,62 @@
   (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.arcgisRest = global.arcgisRest || {}, global.arcgisRest, global.arcgisRest));
 })(this, (function (exports, arcgisRestPortal, arcgisRestRequest) { 'use strict';
 
+  /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
+   * Apache-2.0 */
   /**
-   * Used to describe privilege list of an app.
+   * Used to retrieve registered app info. See the [REST Documentation](https://developers.arcgis.com/rest/users-groups-and-items/registered-app-info.htm) for more information.
+   *
+   * ```js
+   * import { getRegisteredAppInfo, IApp } from '@esri/arcgis-rest-developer-credentials';
+   * import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";
+   *
+   * const authSession: ArcGISIdentityManager = await ArcGISIdentityManager.signIn({
+   *   username: "xyz_usrName",
+   *   password: "xyz_pw"
+   * });
+   *
+   * getRegisteredAppInfo({
+   *   itemId: "xyz_itemId",
+   *   authentication: authSession
+   * }).then((registeredApp: IApp) => {
+   *   // => {client_id: "xyz_id", client_secret: "xyz_secret", ...}
+   * }).catch(e => {
+   *   // => an exception object
+   * });
+   * ```
+   *
+   * @param requestOptions - Options for {@linkcode getRegisteredAppInfo | getRegisteredAppInfo()}, including an itemId of which app to retrieve and an {@linkcode ArcGISIdentityManager} authentication session.
+   * @returns A Promise that will resolve to an {@linkcode IApp} object representing successfully retrieved app.
    */
-  exports.Privileges = void 0;
-  (function (Privileges) {
-      Privileges["Basemaps"] = "portal:apikey:basemaps";
-      Privileges["Demographics"] = "premium:user:demographics";
-      Privileges["Elevation"] = "premium:user:elevation";
-      Privileges["FeatureReport"] = "premium:user:featurereport";
-      Privileges["Geocode"] = "premium:user:geocode";
-      Privileges["GeocodeStored"] = "premium:user:geocode:stored";
-      Privileges["GeocodeTemporary"] = "premium:user:geocode:temporary";
-      Privileges["GeoEnrichment"] = "premium:user:geoenrichment";
-      Privileges["NetworkAnalysis"] = "premium:user:networkanalysis";
-      Privileges["NetworkAnalysisRouting"] = "premium:user:networkanalysis:routing";
-      Privileges["NetworkAnalysisOptimizedRouting"] = "premium:user:networkanalysis:optimizedrouting";
-      Privileges["NetworkAnalysisClosestFacility"] = "premium:user:networkanalysis:closestfacility";
-      Privileges["NetworkAnalysisServiceArea"] = "premium:user:networkanalysis:servicearea";
-      Privileges["NetworkAnalysisLocationalLocation"] = "premium:user:networkanalysis:locationallocation";
-      Privileges["NetworkAnalysisVehicleRouting"] = "premium:user:networkanalysis:vehiclerouting";
-      Privileges["NetworkAnalysisOriginDestinationCostMatrix"] = "premium:user:networkanalysis:origindestinationcostmatrix";
-      Privileges["Places"] = "premium:user:places";
-      Privileges["SpatialAnalysis"] = "premium:user:spatialanalysis";
-      Privileges["GeoAnalytics"] = "premium:publisher:geoanalytics";
-      Privileges["RasterAnalysis"] = "premium:publisher:rasteranalysis";
-  })(exports.Privileges || (exports.Privileges = {}));
+  async function getRegisteredAppInfo(requestOptions) {
+      const userName = await requestOptions.authentication.getUsername();
+      const url = arcgisRestPortal.getPortalUrl(requestOptions) +
+          `/content/users/${userName}/items/${requestOptions.itemId}/registeredAppInfo`;
+      requestOptions.httpMethod = "POST";
+      const registeredAppResponse = await arcgisRestRequest.request(url, Object.assign(Object.assign({}, requestOptions), { params: { f: "json" } }));
+      return registeredAppResponseToApp(registeredAppResponse);
+  }
+
+  async function generateApiKeyToken(options) {
+      const portal = arcgisRestPortal.getPortalUrl(options);
+      const url = `${portal}/oauth2/token`;
+      const appInfo = await getRegisteredAppInfo({
+          itemId: options.itemId,
+          authentication: options.authentication
+      });
+      const params = {
+          client_id: appInfo.client_id,
+          client_secret: appInfo.client_secret,
+          apiToken: options.apiKey,
+          regenerateApiToken: true,
+          grant_type: "client_credentials"
+      };
+      // authentication is not being passed to the request because client_secret acts as the auth
+      return arcgisRestRequest.request(url, {
+          params
+      });
+  }
 
-  /**
-   * @internal
-   * Used to check privileges validity.
-   */
-  const arePrivilegesValid = (privileges) => privileges.every((element) => Object.values(exports.Privileges).includes(element));
   /**
    * @internal
    * Encode special params value (e.g. array type...) in advance in order to make {@linkcode encodeParam} works correctly. Usage is case by case.
@@ -62,7 +86,8 @@
           "apnsProdCert",
           "apnsSandboxCert",
           "gcmApiKey",
-          "isBeta"
+          "isBeta",
+          "customAppLoginShowTriage"
       ];
       const dateKeys = ["modified", "registered"];
       return Object.keys(response)
@@ -82,13 +107,11 @@
    * Used to convert {@linkcode IApp} to {@linkcode IApiKeyInfo} only if `appType` is "apikey".
    */
   function appToApiKeyProperties(response) {
-      if (response.appType !== "apikey" || !("apiKey" in response)) {
-          throw new Error("Item is not an API key.");
-      }
-      delete response.client_id;
       delete response.client_secret;
       delete response.redirect_uris;
       delete response.appType;
+      delete response.customAppLoginShowTriage;
+      delete response.apiKey;
       return response;
   }
   /**
@@ -96,12 +119,14 @@
    * Used to convert {@linkcode IApp} to {@linkcode IOAuthAppInfo}.
    */
   function appToOAuthAppProperties(response) {
-      if (response.appType === "apikey") {
-          throw new Error("Item is not an OAuth 2.0 app.");
-      }
       delete response.appType;
       delete response.httpReferrers;
       delete response.privileges;
+      delete response.apiKey;
+      delete response.customAppLoginShowTriage;
+      delete response.isPersonalAPIToken;
+      delete response.apiToken1Active;
+      delete response.apiToken2Active;
       return response;
   }
   /**
@@ -134,6 +159,84 @@
           return obj;
       }, {});
   }
+  /**
+   * Used to determine if a generated key is in slot 1 or slot 2 key. The full API key should be passed. `undefined` will be returned if the proper slot could not be identified.
+   */
+  function slotForKey(key) {
+      const slot = parseInt(key.substring(key.length - 10, key.length - 9));
+      if (slot === 1 || slot === 2) {
+          return slot;
+      }
+      return undefined;
+  }
+  /**
+   * @internal
+   * Used to determine which slot to invalidate a key in given a number or a full or patial key.
+   */
+  function slotForInvalidationKey(param) {
+      if (param === 1 || param === 2) {
+          return param;
+      }
+      if (typeof param !== "string") {
+          return undefined;
+      }
+      const fullKeySlot = slotForKey(param);
+      if (fullKeySlot) {
+          return fullKeySlot;
+      }
+  }
+  /**
+   * @internal
+   * Used to generate tokens in slot 1 and/or 2 of an API key.
+   */
+  function generateApiKeyTokens(itemId, slots, requestOptions) {
+      return Promise.all(slots.map((slot) => {
+          return generateApiKeyToken(Object.assign({ itemId, apiKey: slot }, requestOptions));
+      })).then((responses) => {
+          return responses
+              .map((responses) => responses.access_token)
+              .reduce((obj, token, index) => {
+              obj[`accessToken${slotForKey(token)}`] = token;
+              return obj;
+          }, {});
+      });
+  }
+  /**
+   * @internal
+   * Convert boolean flags to an array of slots for {@linkcode generateApiKeyTokens}.
+   */
+  function generateOptionsToSlots(generateToken1, generateToken2) {
+      const slots = [];
+      if (generateToken1) {
+          slots.push(1);
+      }
+      if (generateToken2) {
+          slots.push(2);
+      }
+      return slots;
+  }
+  /**
+   * @internal
+   * Build params for updating expiration dates
+   */
+  function buildExpirationDateParams(requestOptions, fillDefaults) {
+      const updateparams = {};
+      if (requestOptions.apiToken1ExpirationDate) {
+          updateparams.apiToken1ExpirationDate =
+              requestOptions.apiToken1ExpirationDate;
+      }
+      if (requestOptions.apiToken2ExpirationDate) {
+          updateparams.apiToken2ExpirationDate =
+              requestOptions.apiToken2ExpirationDate;
+      }
+      if (fillDefaults && !updateparams.apiToken1ExpirationDate) {
+          updateparams.apiToken1ExpirationDate = -1;
+      }
+      if (fillDefaults && !updateparams.apiToken2ExpirationDate) {
+          updateparams.apiToken2ExpirationDate = -1;
+      }
+      return updateparams;
+  }
 
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
    * Apache-2.0 */
@@ -161,7 +264,7 @@
    *   appType: "multiple",
    *   redirect_uris: ["http://localhost:3000/"],
    *   httpReferrers: ["http://localhost:3000/"],
-   *   privileges: [Privileges.Geocode, Privileges.FeatureReport],
+   *   privileges: ["premium:user:geocode:temporary", Privileges.FeatureReport],
    *   authentication: authSession
    * }).then((registeredApp: IApp) => {
    *   // => {client_id: "xyz_id", client_secret: "xyz_secret", ...}
@@ -174,10 +277,6 @@
    * @returns A Promise that will resolve to an {@linkcode IApp} object representing the newly registered app.
    */
   async function registerApp(requestOptions) {
-      // privileges validation
-      if (!arePrivilegesValid(requestOptions.privileges)) {
-          throw new Error("The `privileges` option contains invalid privileges.");
-      }
       // build params
       const options = arcgisRestRequest.appendCustomParams(requestOptions, [
           "itemId",
@@ -209,14 +308,20 @@
    *   password: "xyz_pw"
    * });
    *
+   * const threeDaysFromToday = new Date();
+   * threeDaysFromToday.setDate(threeDaysFromToday.getDate() + 3);
+   * threeDaysFromToday.setHours(23, 59, 59, 999);
+   *
    * createApiKey({
    *   title: "xyz_title",
    *   description: "xyz_desc",
    *   tags: ["xyz_tag1", "xyz_tag2"],
-   *   privileges: [Privileges.Geocode, Privileges.FeatureReport],
-   *   authentication: authSession
+   *   privileges: ["premium:user:networkanalysis:routing"],
+   *   authentication: authSession,
+   *   generateToken1: true, // optional,generate a new token
+   *   apiToken1ExpirationDate: threeDaysFromToday  // optional, update expiration date
    * }).then((registeredAPIKey: IApiKeyResponse) => {
-   *   // => {apiKey: "xyz_key", item: {tags: ["xyz_tag1", "xyz_tag2"], ...}, ...}
+   *   // => {accessToken1: "xyz_key", item: {tags: ["xyz_tag1", "xyz_tag2"], ...}, ...}
    * }).catch(e => {
    *   // => an exception object
    * });
@@ -226,9 +331,6 @@
    * @returns A Promise that will resolve to an {@linkcode IApiKeyResponse} object representing the newly registered API key.
    */
   async function createApiKey(requestOptions) {
-      if (!arePrivilegesValid(requestOptions.privileges)) {
-          throw new Error("The `privileges` option contains invalid privileges.");
-      }
       requestOptions.httpMethod = "POST";
       // filter param buckets:
       const baseRequestOptions = extractBaseRequestOptions(requestOptions); // snapshot of basic IRequestOptions before customized params being built into it
@@ -248,52 +350,37 @@
           "typeKeywords",
           "url"
       ];
-      // step 1: add item
-      const createItemOption = Object.assign(Object.assign({ item: Object.assign(Object.assign({}, filterKeys(requestOptions, itemAddProperties)), { type: "API Key" }) }, baseRequestOptions), { authentication: requestOptions.authentication, params: {
+      /**
+       * step 1: create item
+       */
+      const createItemOption = Object.assign(Object.assign({ item: Object.assign(Object.assign({}, filterKeys(requestOptions, itemAddProperties)), { type: "Application" }) }, baseRequestOptions), { authentication: requestOptions.authentication, params: {
               f: "json"
           } });
       const createItemResponse = await arcgisRestPortal.createItem(createItemOption);
-      // step 2: register app
-      const registerAppOption = Object.assign(Object.assign({ itemId: createItemResponse.id, appType: "apikey", redirect_uris: [], httpReferrers: requestOptions.httpReferrers || [], privileges: requestOptions.privileges }, baseRequestOptions), { authentication: requestOptions.authentication });
-      const registeredAppResponse = await registerApp(registerAppOption);
+      /**
+       * getRegisteredAppInfoRoute
+       */
+      const registerAppOptions = Object.assign(Object.assign({ itemId: createItemResponse.id, appType: "multiple", redirect_uris: ["urn:ietf:wg:oauth:2.0:oob"], httpReferrers: requestOptions.httpReferrers || [], privileges: requestOptions.privileges }, baseRequestOptions), { authentication: requestOptions.authentication });
+      const registeredAppResponse = await registerApp(registerAppOptions);
+      /**
+       * step 3: update item with desired expiration dates
+       * you cannot set the expiration date propierties until you
+       * regiester the app so this has to be a seperate step
+       */
+      await arcgisRestPortal.updateItem(Object.assign(Object.assign({}, baseRequestOptions), { item: Object.assign({ id: createItemResponse.id }, buildExpirationDateParams(requestOptions, true)), authentication: requestOptions.authentication }));
+      /*
+       * step 4: get item info
+       */
       const itemInfo = await arcgisRestPortal.getItem(registeredAppResponse.itemId, Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication, params: { f: "json" } }));
-      return Object.assign(Object.assign({}, appToApiKeyProperties(registeredAppResponse)), { item: itemInfo });
-  }
-
-  /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
-   * Apache-2.0 */
-  /**
-   * Used to retrieve registered app info. See the [REST Documentation](https://developers.arcgis.com/rest/users-groups-and-items/registered-app-info.htm) for more information.
-   *
-   * ```js
-   * import { getRegisteredAppInfo, IApp } from '@esri/arcgis-rest-developer-credentials';
-   * import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";
-   *
-   * const authSession: ArcGISIdentityManager = await ArcGISIdentityManager.signIn({
-   *   username: "xyz_usrName",
-   *   password: "xyz_pw"
-   * });
-   *
-   * getRegisteredAppInfo({
-   *   itemId: "xyz_itemId",
-   *   authentication: authSession
-   * }).then((registeredApp: IApp) => {
-   *   // => {client_id: "xyz_id", client_secret: "xyz_secret", ...}
-   * }).catch(e => {
-   *   // => an exception object
-   * });
-   * ```
-   *
-   * @param requestOptions - Options for {@linkcode getRegisteredAppInfo | getRegisteredAppInfo()}, including an itemId of which app to retrieve and an {@linkcode ArcGISIdentityManager} authentication session.
-   * @returns A Promise that will resolve to an {@linkcode IApp} object representing successfully retrieved app.
-   */
-  async function getRegisteredAppInfo(requestOptions) {
-      const userName = await requestOptions.authentication.getUsername();
-      const url = arcgisRestPortal.getPortalUrl(requestOptions) +
-          `/content/users/${userName}/items/${requestOptions.itemId}/registeredAppInfo`;
-      requestOptions.httpMethod = "POST";
-      const registeredAppResponse = await arcgisRestRequest.request(url, Object.assign(Object.assign({}, requestOptions), { params: { f: "json" } }));
-      return registeredAppResponseToApp(registeredAppResponse);
+      /**
+       * step 5: generate tokens if requested
+       */
+      const generatedTokens = await generateApiKeyTokens(itemInfo.id, generateOptionsToSlots(requestOptions.generateToken1, requestOptions.generateToken2), Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication }));
+      /**
+       * step 6: get registered app info to get updated active key status
+       */
+      const updatedRegisteredAppResponse = await getRegisteredAppInfo(Object.assign(Object.assign({}, baseRequestOptions), { itemId: itemInfo.id, authentication: requestOptions.authentication }));
+      return Object.assign(Object.assign(Object.assign({}, generatedTokens), appToApiKeyProperties(updatedRegisteredAppResponse)), { item: itemInfo });
   }
 
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
@@ -314,13 +401,19 @@
    *   password: "xyz_pw"
    * });
    *
+   * const threeDaysFromToday = new Date();
+   * threeDaysFromToday.setDate(threeDaysFromToday.getDate() + 3);
+   * threeDaysFromToday.setHours(23, 59, 59, 999);
+   *
    * updateApiKey({
    *   itemId: "xyz_itemId",
-   *   privileges: [Privileges.Geocode],
+   *   privileges: ["premium:user:geocode:temporary"],
    *   httpReferrers: [], // httpReferrers will be set to be empty
    *   authentication: authSession
+   *   generateToken1: true, // optional,generate a new token
+   *   apiToken1ExpirationDate: threeDaysFromToday  // optional, update expiration date
    * }).then((updatedAPIKey: IApiKeyResponse) => {
-   *   // => {apiKey: "xyz_key", item: {tags: ["xyz_tag1", "xyz_tag2"], ...}, ...}
+   *   // => {accessToken1: "xyz_key", item: {tags: ["xyz_tag1", "xyz_tag2"], ...}, ...}
    * }).catch(e => {
    *   // => an exception object
    * });
@@ -330,33 +423,46 @@
    * @returns A Promise that will resolve to an {@linkcode IApiKeyResponse} object representing updated API key.
    */
   async function updateApiKey(requestOptions) {
-      // privileges validation
-      if (requestOptions.privileges &&
-          !arePrivilegesValid(requestOptions.privileges)) {
-          throw new Error("The `privileges` option contains invalid privileges.");
-      }
       requestOptions.httpMethod = "POST";
-      // get app
       const baseRequestOptions = extractBaseRequestOptions(requestOptions); // get base requestOptions snapshot
-      const getAppOption = Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication, itemId: requestOptions.itemId });
-      const appResponse = await getRegisteredAppInfo(getAppOption);
-      // appType must be APIKey to continue
-      if (appResponse.appType !== "apikey" || !("apiKey" in appResponse)) {
-          throw new Error("Item is not an API key.");
+      /**
+       * step 1: update expiration dates if provided. Build the object up to avoid overwriting any existing properties.
+       */
+      if (requestOptions.apiToken1ExpirationDate ||
+          requestOptions.apiToken2ExpirationDate) {
+          const updateParams = buildExpirationDateParams(requestOptions);
+          await arcgisRestPortal.updateItem(Object.assign(Object.assign({}, baseRequestOptions), { item: Object.assign({ id: requestOptions.itemId }, updateParams), authentication: requestOptions.authentication }));
       }
-      const clientId = appResponse.client_id;
-      const options = arcgisRestRequest.appendCustomParams(Object.assign(Object.assign({}, appResponse), requestOptions), // object with the custom params to look in
-      ["privileges", "httpReferrers"] // keys you want copied to the params object
-      );
-      options.params.f = "json";
-      // encode special params value (e.g. array type...) in advance in order to make encodeQueryString() works correctly
-      stringifyArrays(options);
-      const url = arcgisRestPortal.getPortalUrl(options) + `/oauth2/apps/${clientId}/update`;
-      // Raw response from `/oauth2/apps/${clientId}/update`, apiKey not included because key is same.
-      const updateResponse = await arcgisRestRequest.request(url, Object.assign(Object.assign({}, options), { authentication: requestOptions.authentication }));
-      const app = registeredAppResponseToApp(Object.assign(Object.assign({}, updateResponse), { apiKey: appResponse.apiKey }));
-      const itemInfo = await arcgisRestPortal.getItem(requestOptions.itemId, Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication, params: { f: "json" } }));
-      return Object.assign(Object.assign({}, appToApiKeyProperties(app)), { item: itemInfo });
+      /**
+       * step 2: update privileges and httpReferrers if provided. Build the object up to avoid overwriting any existing properties.
+       */
+      if (requestOptions.privileges || requestOptions.httpReferrers) {
+          const getAppOption = Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication, itemId: requestOptions.itemId });
+          const appResponse = await getRegisteredAppInfo(getAppOption);
+          const clientId = appResponse.client_id;
+          const options = arcgisRestRequest.appendCustomParams(Object.assign(Object.assign({}, appResponse), requestOptions), // object with the custom params to look in
+          ["privileges", "httpReferrers"] // keys you want copied to the params object
+          );
+          options.params.f = "json";
+          // encode special params value (e.g. array type...) in advance in order to make encodeQueryString() works correctly
+          stringifyArrays(options);
+          const url = arcgisRestPortal.getPortalUrl(options) + `/oauth2/apps/${clientId}/update`;
+          // Raw response from `/oauth2/apps/${clientId}/update`, apiKey not included because key is same.
+          await arcgisRestRequest.request(url, Object.assign(Object.assign({}, options), { authentication: requestOptions.authentication }));
+      }
+      /**
+       * step 3: get the updated item info to return to the user.
+       */
+      const updatedItemInfo = await arcgisRestPortal.getItem(requestOptions.itemId, Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication, params: { f: "json" } }));
+      /**
+       * step 4: generate tokens if requested
+       */
+      const generatedTokens = await generateApiKeyTokens(requestOptions.itemId, generateOptionsToSlots(requestOptions.generateToken1, requestOptions.generateToken2), Object.assign(Object.assign({}, baseRequestOptions), { authentication: requestOptions.authentication }));
+      /**
+       * step 5: get updated registered app info
+       */
+      const updatedRegisteredAppResponse = await getRegisteredAppInfo(Object.assign(Object.assign({}, baseRequestOptions), { itemId: requestOptions.itemId, authentication: requestOptions.authentication }));
+      return Object.assign(Object.assign(Object.assign({}, generatedTokens), appToApiKeyProperties(updatedRegisteredAppResponse)), { item: updatedItemInfo });
   }
 
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
@@ -395,37 +501,39 @@
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
    * Apache-2.0 */
   /**
-   * Used to delete the API Key with given `itemId`.
+   * Used to invalidate an API key.
    *
    * ```js
-   * import { deleteApiKey, IDeleteApiKeyResponse } from '@esri/arcgis-rest-developer-credentials';
-   * import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";
-   *
-   * const authSession: ArcGISIdentityManager = await ArcGISIdentityManager.signIn({
-   *   username: "xyz_usrName",
-   *   password: "xyz_pw"
-   * });
-   *
-   * deleteApiKey({
-   *   itemId: "xyz_itemId",
-   *   authentication: authSession
-   * }).then((deletedApiKey: IDeleteApiKeyResponse) => {
-   *   // => {itemId: "xyz_itemId", success: true}
+   * import { invalidateApiKey } from "@esri/arcgis-rest-developer-credentials";
+   *
+   * invalidateApiKey({
+   *   itemId: ITEM_ID,
+   *   authentication,
+   *   apiKey: 1, // invalidate the key in slot 1
+   * }).then((response) => {
+   *   // => {success: true}
    * }).catch(e => {
    *   // => an exception object
    * });
-   * ```
-   *
-   * @param requestOptions - Options for {@linkcode deleteApiKey | deleteApiKey()}, including `itemId` of which API key to be deleted and an {@linkcode ArcGISIdentityManager} authentication session.
-   * @returns A Promise that will resolve to an {@linkcode IDeleteApiKeyResponse} object representing deletion status.
    */
-  async function deleteApiKey(requestOptions) {
-      requestOptions.httpMethod = "POST";
-      const baseRequestOptions = extractBaseRequestOptions(requestOptions);
-      // validate provided itemId associates with API Key
-      await getApiKey(Object.assign(Object.assign({}, baseRequestOptions), { itemId: requestOptions.itemId, authentication: requestOptions.authentication }));
-      const removeItemResponse = await arcgisRestPortal.removeItem(Object.assign(Object.assign({}, baseRequestOptions), { id: requestOptions.itemId, authentication: requestOptions.authentication, params: { f: "json" } }));
-      return removeItemResponse;
+  async function invalidateApiKey(requestOptions) {
+      const portal = arcgisRestPortal.getPortalUrl(requestOptions);
+      const url = `${portal}/oauth2/revokeToken`;
+      const appInfo = await getRegisteredAppInfo({
+          itemId: requestOptions.itemId,
+          authentication: requestOptions.authentication
+      });
+      const params = {
+          client_id: appInfo.client_id,
+          client_secret: appInfo.client_secret,
+          apiToken: slotForInvalidationKey(requestOptions.apiKey),
+          regenerateApiToken: true,
+          grant_type: "client_credentials"
+      };
+      // authentication is not being passed to the request because client_secret acts as the auth
+      return arcgisRestRequest.request(url, {
+          params
+      });
   }
 
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
@@ -461,42 +569,6 @@
       return Object.assign(Object.assign({}, appToOAuthAppProperties(appResponse)), { item: itemInfo });
   }
 
-  /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
-   * Apache-2.0 */
-  /**
-   * Used to delete the OAuth2.0 app with given `itemId`.
-   *
-   * ```js
-   * import { deleteOAuthApp, IDeleteOAuthAppResponse } from '@esri/arcgis-rest-developer-credentials';
-   * import { ArcGISIdentityManager } from "@esri/arcgis-rest-request";
-   *
-   * const authSession: ArcGISIdentityManager = await ArcGISIdentityManager.signIn({
-   *   username: "xyz_usrName",
-   *   password: "xyz_pw"
-   * });
-   *
-   * deleteOAuthApp({
-   *   itemId: "xyz_itemId",
-   *   authentication: authSession
-   * }).then((deletedOAuthApp: IDeleteOAuthAppResponse) => {
-   *   // => {itemId: "xyz_itemId", success: true}
-   * }).catch(e => {
-   *   // => an exception object
-   * });
-   * ```
-   *
-   * @param requestOptions - Options for {@linkcode deleteOAuthApp | deleteOAuthApp()}, including `itemId` of which OAuth app to be deleted and an {@linkcode ArcGISIdentityManager} authentication session.
-   * @returns A Promise that will resolve to an {@linkcode IDeleteOAuthAppResponse} object representing deletion status.
-   */
-  async function deleteOAuthApp(requestOptions) {
-      requestOptions.httpMethod = "POST";
-      const baseRequestOptions = extractBaseRequestOptions(requestOptions);
-      // validate provided itemId associates with OAuth app
-      await getOAuthApp(Object.assign(Object.assign({}, baseRequestOptions), { itemId: requestOptions.itemId, authentication: requestOptions.authentication }));
-      const removeItemResponse = await arcgisRestPortal.removeItem(Object.assign(Object.assign({}, baseRequestOptions), { id: requestOptions.itemId, authentication: requestOptions.authentication, params: { f: "json" } }));
-      return removeItemResponse;
-  }
-
   /* Copyright (c) 2023 Environmental Systems Research Institute, Inc.
    * Apache-2.0 */
   /**
@@ -655,18 +727,21 @@
 
   exports.appToApiKeyProperties = appToApiKeyProperties;
   exports.appToOAuthAppProperties = appToOAuthAppProperties;
-  exports.arePrivilegesValid = arePrivilegesValid;
+  exports.buildExpirationDateParams = buildExpirationDateParams;
   exports.createApiKey = createApiKey;
   exports.createOAuthApp = createOAuthApp;
-  exports.deleteApiKey = deleteApiKey;
-  exports.deleteOAuthApp = deleteOAuthApp;
   exports.extractBaseRequestOptions = extractBaseRequestOptions;
   exports.filterKeys = filterKeys;
+  exports.generateApiKeyTokens = generateApiKeyTokens;
+  exports.generateOptionsToSlots = generateOptionsToSlots;
   exports.getApiKey = getApiKey;
   exports.getOAuthApp = getOAuthApp;
   exports.getRegisteredAppInfo = getRegisteredAppInfo;
+  exports.invalidateApiKey = invalidateApiKey;
   exports.registerApp = registerApp;
   exports.registeredAppResponseToApp = registeredAppResponseToApp;
+  exports.slotForInvalidationKey = slotForInvalidationKey;
+  exports.slotForKey = slotForKey;
   exports.stringifyArrays = stringifyArrays;
   exports.unregisterApp = unregisterApp;
   exports.updateApiKey = updateApiKey;