If you suspect that your secret API key has been compromised, you may wish to expire your existing API key and generate a new one.
You can do so by clicking on the Regenerate link in ScheduleOnce > Setup > Integrations > API Integration.
Figure 1: API key - Regenerate link
If an API key is regenerated, the old key will expire and can no longer be used for authentication. You will need to use the new key to access the API.
However, any Webhook subscriptions you created with the old key will still be active, even though the API key that originally authenticated them is now expired. Since Webhook subscriptions are not associated with a specific API key after they are created, the status of the Webhook is independent of your current API key.
If you wish to delete a Webhook that you created with an old API key via the API, you will need to use the new API key to authenticate your DELETE request. Learn more about managing Webhook subscriptions