diff --git a/app/controllers/user_api_keys_controller.rb b/app/controllers/user_api_keys_controller.rb
index 3875e982bc8..d4f8dfb6eb9 100644
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@@ -90,14 +90,18 @@ class UserApiKeysController < ApplicationController
   end
 
   def revoke
-    revoke_key = find_key
+    revoke_key = find_key if params[:id]
+
     if current_key = request.env['HTTP_USER_API_KEY']
       request_key = UserApiKey.find_by(key: current_key)
+      revoke_key ||= request_key
       if request_key && request_key.id != revoke_key.id && !request_key.write
         raise Discourse::InvalidAccess
       end
     end
 
+    raise Discourse::NotFound unless revoke_key
+
     revoke_key.update_columns(revoked_at: Time.zone.now)
 
     render json: success_json
diff --git a/spec/controllers/user_api_keys_controller_spec.rb b/spec/controllers/user_api_keys_controller_spec.rb
index 9d0324c9ac7..92bc23404fc 100644
--- a/spec/controllers/user_api_keys_controller_spec.rb
+++ b/spec/controllers/user_api_keys_controller_spec.rb
@@ -94,6 +94,17 @@ TXT
 
     end
 
+    it "allows for a revoke with no id" do
+      key = Fabricate(:readonly_user_api_key)
+      request.env['HTTP_USER_API_KEY'] = key.key
+      post :revoke
+
+      expect(response.status).to eq(200)
+
+      key.reload
+      expect(key.revoked_at).not_to eq(nil)
+    end
+
     it "will not allow readonly api keys to revoke others" do
       key1 = Fabricate(:readonly_user_api_key)
       key2 = Fabricate(:readonly_user_api_key)