diff --git a/src/ZB.MOM.WW.ScadaBridge.CLI/Commands/BundleCommands.cs b/src/ZB.MOM.WW.ScadaBridge.CLI/Commands/BundleCommands.cs
index c6c0a11b..efea33c0 100644
--- a/src/ZB.MOM.WW.ScadaBridge.CLI/Commands/BundleCommands.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.CLI/Commands/BundleCommands.cs
@@ -61,7 +61,9 @@ public static class BundleCommands
         var dbConnectionsOption = NameListOption("--db-connections", "Comma-separated database-connection names");
         var notificationListsOption = NameListOption("--notification-lists", "Comma-separated notification-list names");
         var smtpConfigsOption = NameListOption("--smtp-configs", "Comma-separated SMTP host names");
-        var apiKeysOption = NameListOption("--api-keys", "Comma-separated API-key names");
+        // Inbound API keys are not transported between environments (re-arch C4) — no
+        // --api-keys option. Re-create keys and re-grant their method scopes on the
+        // destination via the admin UI/CLI.
         var apiMethodsOption = NameListOption("--api-methods", "Comma-separated API-method names");
         var includeDepsOption = new Option<bool>("--include-dependencies")
         {
@@ -85,7 +87,6 @@ public static class BundleCommands
         cmd.Add(dbConnectionsOption);
         cmd.Add(notificationListsOption);
         cmd.Add(smtpConfigsOption);
-        cmd.Add(apiKeysOption);
         cmd.Add(apiMethodsOption);
         cmd.Add(includeDepsOption);
         cmd.Add(sourceEnvOption);
@@ -106,7 +107,6 @@ public static class BundleCommands
                 DatabaseConnectionNames: result.GetValue(dbConnectionsOption),
                 NotificationListNames: result.GetValue(notificationListsOption),
                 SmtpConfigurationNames: result.GetValue(smtpConfigsOption),
-                ApiKeyNames: result.GetValue(apiKeysOption),
                 ApiMethodNames: result.GetValue(apiMethodsOption),
                 IncludeDependencies: includeDeps,
                 Passphrase: passphrase,
diff --git a/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor b/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor
index 905e9fa5..c44554b8 100644
--- a/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor
+++ b/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor
@@ -138,14 +138,15 @@
                 @RenderCheckboxList(_smtpConfigs, s => s.Id, s => s.Host, _selectedSmtpConfigs)
             </fieldset>
 
-            <fieldset class="mb-4" data-testid="group-api-keys">
-                <legend class="h6">API Keys</legend>
-                @RenderCheckboxList(_apiKeys, k => k.Id, k => k.Name, _selectedApiKeys)
-            </fieldset>
-
             <fieldset class="mb-4" data-testid="group-api-methods">
                 <legend class="h6">API Methods</legend>
                 @RenderCheckboxList(_apiMethods, m => m.Id, m => m.Name, _selectedApiMethods)
+                <div class="alert alert-info small mt-2 mb-0 py-2" role="alert" data-testid="api-keys-not-transported">
+                    <strong>API keys are not part of config transport.</strong> Inbound API keys
+                    live in each environment's own secret store and cannot be exported. After
+                    importing, re-create the keys on the destination and re-grant their method
+                    scopes via the admin UI/CLI.
+                </div>
             </fieldset>
 
             <div class="d-flex justify-content-end gap-2 mt-4">
@@ -261,10 +262,7 @@
                         {
                             <li>SmtpConfig: @s.Host</li>
                         }
-                        @foreach (var k in _resolved.ApiKeys.OrderBy(k => k.Name, StringComparer.OrdinalIgnoreCase))
-                        {
-                            <li>ApiKey: @k.Name</li>
-                        }
+                        @* Inbound API keys are not transported (re-arch C4) — methods only. *@
                         @foreach (var m in _resolved.ApiMethods.OrderBy(m => m.Name, StringComparer.OrdinalIgnoreCase))
                         {
                             <li>ApiMethod: @m.Name</li>
diff --git a/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor.cs b/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor.cs
index 6ee6f245..a0e0b807 100644
--- a/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Pages/Design/TransportExport.razor.cs
@@ -69,7 +69,7 @@ public partial class TransportExport : ComponentBase
     private List<DatabaseConnectionDefinition> _dbConnections = new();
     private List<NotificationList> _notificationLists = new();
     private List<SmtpConfiguration> _smtpConfigs = new();
-    private List<ApiKey> _apiKeys = new();
+    // Inbound API keys are not transported between environments (re-arch C4); only methods.
     private List<ApiMethod> _apiMethods = new();
 
     // ---- Step 1: selection state ----
@@ -82,7 +82,7 @@ public partial class TransportExport : ComponentBase
     private readonly HashSet<int> _selectedDbConnections = new();
     private readonly HashSet<int> _selectedNotificationLists = new();
     private readonly HashSet<int> _selectedSmtpConfigs = new();
-    private readonly HashSet<int> _selectedApiKeys = new();
+    // No _selectedApiKeys: inbound API keys are not transported (re-arch C4).
     private readonly HashSet<int> _selectedApiMethods = new();
     private string _filter = string.Empty;
     private bool _includeDependencies = true;
@@ -124,7 +124,7 @@ public partial class TransportExport : ComponentBase
             _dbConnections = (await ExternalRepo.GetAllDatabaseConnectionsAsync()).ToList();
             _notificationLists = (await NotificationRepo.GetAllNotificationListsAsync()).ToList();
             _smtpConfigs = (await NotificationRepo.GetAllSmtpConfigurationsAsync()).ToList();
-            _apiKeys = (await InboundApiRepo.GetAllApiKeysAsync()).ToList();
+            // Inbound API keys are not transported (re-arch C4) — only methods are loaded.
             _apiMethods = (await InboundApiRepo.GetAllApiMethodsAsync()).ToList();
         }
         catch (Exception ex)
@@ -169,7 +169,6 @@ public partial class TransportExport : ComponentBase
         || _selectedDbConnections.Count > 0
         || _selectedNotificationLists.Count > 0
         || _selectedSmtpConfigs.Count > 0
-        || _selectedApiKeys.Count > 0
         || _selectedApiMethods.Count > 0;
 
     private bool PassphraseValid =>
@@ -205,7 +204,7 @@ public partial class TransportExport : ComponentBase
             DatabaseConnectionIds: _selectedDbConnections.ToList(),
             NotificationListIds: _selectedNotificationLists.ToList(),
             SmtpConfigurationIds: _selectedSmtpConfigs.ToList(),
-            ApiKeyIds: _selectedApiKeys.ToList(),
+            // Inbound API keys are not transported (re-arch C4) — methods only.
             ApiMethodIds: _selectedApiMethods.ToList(),
             IncludeDependencies: _includeDependencies);
     }
@@ -393,7 +392,6 @@ public partial class TransportExport : ComponentBase
         _selectedDbConnections.Clear();
         _selectedNotificationLists.Clear();
         _selectedSmtpConfigs.Clear();
-        _selectedApiKeys.Clear();
         _selectedApiMethods.Clear();
         _filter = string.Empty;
         _includeDependencies = true;
diff --git a/src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/TransportCommands.cs b/src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/TransportCommands.cs
index 9132dbb7..1c786a19 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/TransportCommands.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Commons/Messages/Management/TransportCommands.cs
@@ -6,6 +6,12 @@ namespace ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
 /// Exports a bundle. Names rather than IDs in the selection so test scripts can
 /// be written without an ID lookup step. <c>All=true</c> overrides the per-type
 /// name lists and exports every entity of every supported type.
+/// <para>
+/// Inbound API keys are intentionally not selectable: per the inbound-API-key
+/// re-architecture (C4) keys are not transported between environments; only API
+/// methods travel. Re-create keys and re-grant their method scopes on the
+/// destination via the admin UI/CLI.
+/// </para>
 /// </summary>
 public sealed record ExportBundleCommand(
     bool All,
@@ -15,7 +21,6 @@ public sealed record ExportBundleCommand(
     IReadOnlyList<string>? DatabaseConnectionNames,
     IReadOnlyList<string>? NotificationListNames,
     IReadOnlyList<string>? SmtpConfigurationNames,
-    IReadOnlyList<string>? ApiKeyNames,
     IReadOnlyList<string>? ApiMethodNames,
     bool IncludeDependencies,
     string? Passphrase,
diff --git a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/BundleSummary.cs b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/BundleSummary.cs
index 0d38b1f8..328a682e 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/BundleSummary.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/BundleSummary.cs
@@ -1,5 +1,7 @@
 namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
 
+// ApiKeys is intentionally absent: inbound API keys are not transported between
+// environments (re-arch C4). Only API methods are summarised.
 public sealed record BundleSummary(
     int Templates,
     int TemplateFolders,
@@ -8,5 +10,4 @@ public sealed record BundleSummary(
     int DbConnections,
     int NotificationLists,
     int SmtpConfigs,
-    int ApiKeys,
     int ApiMethods);
diff --git a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ExportSelection.cs b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ExportSelection.cs
index 3bdf6c97..b0d2d622 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ExportSelection.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ExportSelection.cs
@@ -1,5 +1,10 @@
 namespace ZB.MOM.WW.ScadaBridge.Commons.Types.Transport;
 
+// Inbound API keys are intentionally absent from the transport selection: per the
+// inbound-API-key re-architecture (commit C4) keys are NOT carried between
+// environments. They live in the per-environment SQLite store (per-env pepper +
+// secret-shown-once) and are re-created/re-granted via the admin UI/CLI on the
+// destination. Only API *methods* travel in a bundle.
 public sealed record ExportSelection(
     IReadOnlyList<int> TemplateIds,
     IReadOnlyList<int> SharedScriptIds,
@@ -7,6 +12,5 @@ public sealed record ExportSelection(
     IReadOnlyList<int> DatabaseConnectionIds,
     IReadOnlyList<int> NotificationListIds,
     IReadOnlyList<int> SmtpConfigurationIds,
-    IReadOnlyList<int> ApiKeyIds,
     IReadOnlyList<int> ApiMethodIds,
     bool IncludeDependencies);
diff --git a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ImportResult.cs b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ImportResult.cs
index e9502bfc..ec3e38f7 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ImportResult.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Commons/Types/Transport/ImportResult.cs
@@ -7,4 +7,8 @@ public sealed record ImportResult(
     int Skipped,
     int Renamed,
     IReadOnlyList<int> StaleInstanceIds,
-    string AuditEventCorrelation);
+    string AuditEventCorrelation,
+    // Number of legacy inbound API keys found in the bundle that were ignored
+    // (re-arch C4 — keys are not transported; re-create them on this environment).
+    // Defaults to 0 so existing positional construction sites stay source-compatible.
+    int ApiKeysIgnored = 0);
diff --git a/src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs b/src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs
index dd1b7e3e..bd2e7251 100644
--- a/src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.ManagementService/ManagementActor.cs
@@ -1901,7 +1901,7 @@ public class ManagementActor : ReceiveActor
         var dbConnections = await externalRepo.GetAllDatabaseConnectionsAsync();
         var notificationLists = await notifRepo.GetAllNotificationListsAsync();
         var smtpConfigs = await notifRepo.GetAllSmtpConfigurationsAsync();
-        var apiKeys = await inboundRepo.GetAllApiKeysAsync();
+        // Inbound API keys are not transported between environments (re-arch C4); only methods.
         var apiMethods = await inboundRepo.GetAllApiMethodsAsync();
 
         int[] ResolveIds<T>(IReadOnlyList<T> all, IReadOnlyList<string>? names,
@@ -1931,7 +1931,6 @@ public class ManagementActor : ReceiveActor
             // SmtpConfiguration is keyed by Host (no Name column); the bundle
             // preview row shows the Host value, so the CLI uses Host too.
             SmtpConfigurationIds: ResolveIds(smtpConfigs, cmd.SmtpConfigurationNames, s => s.Host, s => s.Id, "SMTP configuration"),
-            ApiKeyIds: ResolveIds(apiKeys, cmd.ApiKeyNames, k => k.Name, k => k.Id, "API key"),
             ApiMethodIds: ResolveIds(apiMethods, cmd.ApiMethodNames, m => m.Name, m => m.Id, "API method"),
             IncludeDependencies: cmd.IncludeDependencies);
 
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/BundleExporter.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/BundleExporter.cs
index 01efb9ed..7b079cdf 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/BundleExporter.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/BundleExporter.cs
@@ -82,7 +82,7 @@ public sealed class BundleExporter : IBundleExporter
             DatabaseConnections: resolved.DatabaseConnections,
             NotificationLists: resolved.NotificationLists,
             SmtpConfigurations: resolved.SmtpConfigs,
-            ApiKeys: resolved.ApiKeys,
+            // Inbound API keys are not transported between environments (re-arch C4).
             ApiMethods: resolved.ApiMethods);
         var contentDto = _entitySerializer.ToBundleContent(aggregate);
 
@@ -95,7 +95,6 @@ public sealed class BundleExporter : IBundleExporter
             DbConnections: resolved.DatabaseConnections.Count,
             NotificationLists: resolved.NotificationLists.Count,
             SmtpConfigs: resolved.SmtpConfigs.Count,
-            ApiKeys: resolved.ApiKeys.Count,
             ApiMethods: resolved.ApiMethods.Count);
 
         // 4. Build a TEMPLATE manifest. BundleSerializer.Pack re-stamps both
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/DependencyResolver.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/DependencyResolver.cs
index b6aaf6d4..4f7c3d50 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/DependencyResolver.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/DependencyResolver.cs
@@ -98,13 +98,9 @@ public sealed class DependencyResolver
             if (sm is not null) smtpConfigs[sm.Id] = sm;
         }
 
-        var apiKeys = new Dictionary<int, ApiKey>();
-        foreach (var id in selection.ApiKeyIds.Distinct())
-        {
-            var k = await _inboundApi.GetApiKeyByIdAsync(id, ct).ConfigureAwait(false);
-            if (k is not null) apiKeys[k.Id] = k;
-        }
-
+        // Inbound API keys are intentionally NOT resolved into the bundle: per the
+        // inbound-API-key re-architecture (C4) keys are not transported between
+        // environments. Only API methods travel.
         var apiMethods = new Dictionary<int, ApiMethod>();
         foreach (var id in selection.ApiMethodIds.Distinct())
         {
@@ -148,7 +144,6 @@ public sealed class DependencyResolver
             dbConnections.Values,
             notificationLists.Values,
             smtpConfigs.Values,
-            apiKeys.Values,
             apiMethods.Values);
 
         return new ResolvedExport(
@@ -160,7 +155,6 @@ public sealed class DependencyResolver
             DatabaseConnections: dbConnections.Values.OrderBy(d => d.Name, StringComparer.Ordinal).ToList(),
             NotificationLists: notificationLists.Values.OrderBy(n => n.Name, StringComparer.Ordinal).ToList(),
             SmtpConfigs: smtpConfigs.Values.OrderBy(s => s.Host, StringComparer.Ordinal).ToList(),
-            ApiKeys: apiKeys.Values.OrderBy(a => a.Name, StringComparer.Ordinal).ToList(),
             ApiMethods: apiMethods.Values.OrderBy(a => a.Name, StringComparer.Ordinal).ToList(),
             ContentManifest: manifest);
     }
@@ -368,7 +362,6 @@ public sealed class DependencyResolver
         IEnumerable<DatabaseConnectionDefinition> dbConnections,
         IEnumerable<NotificationList> notificationLists,
         IEnumerable<SmtpConfiguration> smtpConfigs,
-        IEnumerable<ApiKey> apiKeys,
         IEnumerable<ApiMethod> apiMethods)
     {
         var entries = new List<ManifestContentEntry>();
@@ -419,10 +412,7 @@ public sealed class DependencyResolver
         {
             entries.Add(new ManifestContentEntry("SmtpConfiguration", s.Host, 1, Array.Empty<string>()));
         }
-        foreach (var k in apiKeys.OrderBy(x => x.Name, StringComparer.Ordinal))
-        {
-            entries.Add(new ManifestContentEntry("ApiKey", k.Name, 1, Array.Empty<string>()));
-        }
+        // Inbound API keys are not transported (re-arch C4) — no ApiKey manifest entries.
         foreach (var m in apiMethods.OrderBy(x => x.Name, StringComparer.Ordinal))
         {
             entries.Add(new ManifestContentEntry("ApiMethod", m.Name, 1, Array.Empty<string>()));
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/ResolvedExport.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/ResolvedExport.cs
index 4ad5649c..c1ca966d 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Export/ResolvedExport.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Export/ResolvedExport.cs
@@ -1,5 +1,5 @@
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.ExternalSystems;
-using ZB.MOM.WW.ScadaBridge.Commons.Entities.InboundApi;
+using ZB.MOM.WW.ScadaBridge.Commons.Entities.InboundApi; // ApiMethod
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.Notifications;
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.Scripts;
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.Templates;
@@ -23,6 +23,6 @@ public sealed record ResolvedExport(
     IReadOnlyList<DatabaseConnectionDefinition> DatabaseConnections,
     IReadOnlyList<NotificationList> NotificationLists,
     IReadOnlyList<SmtpConfiguration> SmtpConfigs,
-    IReadOnlyList<ApiKey> ApiKeys,
+    // Inbound API keys are not transported between environments (re-arch C4); only methods.
     IReadOnlyList<ApiMethod> ApiMethods,
     IReadOnlyList<ManifestContentEntry> ContentManifest);
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Import/ArtifactDiff.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Import/ArtifactDiff.cs
index d6da90c5..959ece09 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Import/ArtifactDiff.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Import/ArtifactDiff.cs
@@ -244,26 +244,8 @@ public sealed class ArtifactDiff
         return BuildItem("SmtpConfiguration", incoming.Host, changes);
     }
 
-    /// <summary>
-    /// Compares an incoming API key against the existing API key in the database.
-    /// </summary>
-    /// <param name="incoming">The incoming API key from the bundle.</param>
-    /// <param name="existing">The existing API key in the database, or null if new.</param>
-    /// <returns>An import preview item describing the conflict type and differences.</returns>
-    public ImportPreviewItem CompareApiKey(ApiKeyDto incoming, ApiKey? existing)
-    {
-        ArgumentNullException.ThrowIfNull(incoming);
-        if (existing is null) return New("ApiKey", incoming.Name);
-
-        var changes = new List<FieldChange>();
-        AddIfDifferent(changes, "IsEnabled", existing.IsEnabled, incoming.IsEnabled);
-        // KeyHash is opaque — record only changed/unchanged, not the value.
-        if (!string.Equals(existing.KeyHash, incoming.KeyHash, StringComparison.Ordinal))
-        {
-            changes.Add(new FieldChange("KeyHash", "<changed>", "<changed>"));
-        }
-        return BuildItem("ApiKey", incoming.Name, changes);
-    }
+    // CompareApiKey was removed in re-arch C4: inbound API keys are not transported
+    // between environments, so the import preview never diffs keys.
 
     /// <summary>
     /// Compares an incoming API method against the existing API method in the database.
@@ -277,7 +259,7 @@ public sealed class ArtifactDiff
         if (existing is null) return New("ApiMethod", incoming.Name);
 
         var changes = new List<FieldChange>();
-        AddIfDifferent(changes, "ApprovedApiKeyIds", existing.ApprovedApiKeyIds, incoming.ApprovedApiKeyIds);
+        // ApprovedApiKeyIds is not transported (re-arch C4) and is excluded from the diff.
         AddIfDifferent(changes, "ParameterDefinitions", existing.ParameterDefinitions, incoming.ParameterDefinitions);
         AddIfDifferent(changes, "ReturnDefinition", existing.ReturnDefinition, incoming.ReturnDefinition);
         AddIfDifferent(changes, "TimeoutSeconds", existing.TimeoutSeconds, incoming.TimeoutSeconds);
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs
index 18347dd0..9a5dab59 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs
@@ -408,14 +408,12 @@ public sealed class BundleImporter : IBundleImporter
             items.Add(_diff.CompareSmtpConfiguration(sm, existing));
         }
 
-        // ---- ApiKeys (no by-name lookup — scan GetAll) ----
-        var allApiKeys = await _inboundApiRepo.GetAllApiKeysAsync(ct).ConfigureAwait(false);
-        var apiKeyByName = allApiKeys.ToDictionary(k => k.Name, k => k, StringComparer.Ordinal);
-        foreach (var k in content.ApiKeys)
-        {
-            apiKeyByName.TryGetValue(k.Name, out var existing);
-            items.Add(_diff.CompareApiKey(k, existing));
-        }
+        // ---- ApiKeys ----
+        // Inbound API keys are not transported between environments (re-arch C4).
+        // New bundles never carry a keys section. A pre-C4 bundle may still contain
+        // one; we do NOT surface those keys as importable preview rows (they would
+        // offer Add/Overwrite actions for keys that can't be meaningfully re-created
+        // from a hash). They are counted, ignored, and reported at apply time.
 
         // ---- ApiMethods ----
         foreach (var m in content.ApiMethods)
@@ -617,6 +615,12 @@ public sealed class BundleImporter : IBundleImporter
             r => r);
         var summary = new ImportSummary();
 
+        // Inbound API keys are not transported between environments (re-arch C4).
+        // A pre-C4 bundle may still contain a keys section; we ignore those keys
+        // entirely (never re-create them) but count them so the result can tell
+        // the operator to re-issue keys on this environment.
+        var apiKeysIgnored = content.ApiKeys?.Count ?? 0;
+
         // Set the correlation BEFORE the transaction so any audit writes
         // triggered during the apply pick up the BundleImportId — AuditService
         // reads the scoped context at the moment LogAsync is called.
@@ -660,7 +664,8 @@ public sealed class BundleImporter : IBundleImporter
             await ApplyDatabaseConnectionsAsync(content.DatabaseConnections, resolutionMap, user, summary, ct).ConfigureAwait(false);
             await ApplyNotificationListsAsync(content.NotificationLists, resolutionMap, user, summary, ct).ConfigureAwait(false);
             await ApplySmtpConfigsAsync(content.SmtpConfigs, resolutionMap, user, summary, ct).ConfigureAwait(false);
-            await ApplyApiKeysAsync(content.ApiKeys, resolutionMap, user, summary, ct).ConfigureAwait(false);
+            // Inbound API keys are NOT applied from a bundle (re-arch C4) — any keys
+            // in a legacy bundle were counted above (apiKeysIgnored) and are skipped.
             await ApplyApiMethodsAsync(content.ApiMethods, resolutionMap, user, summary, ct).ConfigureAwait(false);
 
             // FU-B / #39 + remainder of #37 — second-pass rewire of name-keyed
@@ -700,6 +705,9 @@ public sealed class BundleImporter : IBundleImporter
                         summary.Skipped,
                         summary.Renamed,
                     },
+                    // re-arch C4: legacy inbound API keys present in the bundle that
+                    // were ignored (not transported / not re-created here).
+                    ApiKeysIgnored = apiKeysIgnored,
                 },
                 cancellationToken: ct).ConfigureAwait(false);
 
@@ -721,7 +729,8 @@ public sealed class BundleImporter : IBundleImporter
                 Skipped: summary.Skipped,
                 Renamed: summary.Renamed,
                 StaleInstanceIds: Array.Empty<int>(),
-                AuditEventCorrelation: bundleImportId.ToString());
+                AuditEventCorrelation: bundleImportId.ToString(),
+                ApiKeysIgnored: apiKeysIgnored);
         }
         catch (Exception ex)
         {
@@ -2015,59 +2024,9 @@ public sealed class BundleImporter : IBundleImporter
         target.Credentials = dto.Secrets?.Values.TryGetValue("Credentials", out var cred) == true ? cred : null;
     }
 
-    private async Task ApplyApiKeysAsync(
-        IReadOnlyList<ApiKeyDto> dtos,
-        Dictionary<(string, string), ImportResolution> map,
-        string user,
-        ImportSummary summary,
-        CancellationToken ct)
-    {
-        if (dtos.Count == 0) return;
-        var all = await _inboundApiRepo.GetAllApiKeysAsync(ct).ConfigureAwait(false);
-        var byName = all.ToDictionary(k => k.Name, k => k, StringComparer.Ordinal);
-
-        foreach (var dto in dtos)
-        {
-            var resolution = ResolveOrDefault(map, "ApiKey", dto.Name);
-            switch (resolution.Action)
-            {
-                case ResolutionAction.Skip:
-                    summary.Skipped++;
-                    break;
-                case ResolutionAction.Rename:
-                {
-                    var name = resolution.RenameTo ?? dto.Name;
-                    var key = ApiKey.FromHash(name, dto.KeyHash);
-                    key.IsEnabled = dto.IsEnabled;
-                    await _inboundApiRepo.AddApiKeyAsync(key, ct).ConfigureAwait(false);
-                    await _auditService.LogAsync(user, "Create", "ApiKey", "0", name,
-                        new { key.Name, RenamedFrom = dto.Name }, ct).ConfigureAwait(false);
-                    summary.Renamed++;
-                    break;
-                }
-                case ResolutionAction.Overwrite when byName.TryGetValue(dto.Name, out var ex):
-                    ex.KeyHash = dto.KeyHash;
-                    ex.IsEnabled = dto.IsEnabled;
-                    await _inboundApiRepo.UpdateApiKeyAsync(ex, ct).ConfigureAwait(false);
-                    await _auditService.LogAsync(user, "Update", "ApiKey", ex.Id.ToString(), ex.Name,
-                        new { ex.Name, ex.IsEnabled }, ct).ConfigureAwait(false);
-                    summary.Overwritten++;
-                    break;
-                case ResolutionAction.Add:
-                case ResolutionAction.Overwrite:
-                default:
-                {
-                    var key = ApiKey.FromHash(dto.Name, dto.KeyHash);
-                    key.IsEnabled = dto.IsEnabled;
-                    await _inboundApiRepo.AddApiKeyAsync(key, ct).ConfigureAwait(false);
-                    await _auditService.LogAsync(user, "Create", "ApiKey", "0", key.Name,
-                        new { key.Name, key.IsEnabled }, ct).ConfigureAwait(false);
-                    summary.Added++;
-                    break;
-                }
-            }
-        }
-    }
+    // ApplyApiKeysAsync was removed in re-arch C4: inbound API keys are not
+    // transported between environments, so a bundle never re-creates keys. Any keys
+    // present in a legacy (pre-C4) bundle are counted and ignored in ApplyAsync.
 
     private async Task ApplyApiMethodsAsync(
         IReadOnlyList<ApiMethodDto> dtos,
@@ -2098,7 +2057,9 @@ public sealed class BundleImporter : IBundleImporter
                 }
                 case ResolutionAction.Overwrite when existing is not null:
                     existing.Script = dto.Script;
-                    existing.ApprovedApiKeyIds = dto.ApprovedApiKeyIds;
+                    // ApprovedApiKeyIds is NOT overwritten from a bundle (re-arch C4):
+                    // method→key scopes are re-granted per environment and any value on
+                    // the target row is preserved across an import.
                     existing.ParameterDefinitions = dto.ParameterDefinitions;
                     existing.ReturnDefinition = dto.ReturnDefinition;
                     existing.TimeoutSeconds = dto.TimeoutSeconds;
@@ -2124,9 +2085,10 @@ public sealed class BundleImporter : IBundleImporter
 
     private static ApiMethod BuildApiMethod(ApiMethodDto dto, string? overrideName)
     {
+        // ApprovedApiKeyIds is intentionally left at its default (null): keys are not
+        // transported (re-arch C4) and method→key scopes are re-granted per environment.
         return new ApiMethod(overrideName ?? dto.Name, dto.Script)
         {
-            ApprovedApiKeyIds = dto.ApprovedApiKeyIds,
             ParameterDefinitions = dto.ParameterDefinitions,
             ReturnDefinition = dto.ReturnDefinition,
             TimeoutSeconds = dto.TimeoutSeconds,
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntityDtos.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntityDtos.cs
index bd252cad..7fe8a253 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntityDtos.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntityDtos.cs
@@ -13,6 +13,8 @@ namespace ZB.MOM.WW.ScadaBridge.Transport.Serialization;
 /// ignorant POCO types — what <see cref="EntitySerializer"/> consumes/produces
 /// on the application side of the bundle boundary.
 /// </summary>
+// ApiKeys is intentionally absent: inbound API keys are not transported between
+// environments (re-arch C4). The aggregate only carries API methods.
 public sealed record EntityAggregate(
     IReadOnlyList<TemplateFolder> TemplateFolders,
     IReadOnlyList<Template> Templates,
@@ -22,7 +24,6 @@ public sealed record EntityAggregate(
     IReadOnlyList<DatabaseConnectionDefinition> DatabaseConnections,
     IReadOnlyList<NotificationList> NotificationLists,
     IReadOnlyList<SmtpConfiguration> SmtpConfigurations,
-    IReadOnlyList<ApiKey> ApiKeys,
     IReadOnlyList<ApiMethod> ApiMethods);
 
 /// <summary>
@@ -30,6 +31,14 @@ public sealed record EntityAggregate(
 /// order so importers can apply them inline. Lists are never null on the wire
 /// — empty arrays are preferred over nulls so JSON consumers can rely on each
 /// property being present.
+/// <para>
+/// <see cref="ApiKeys"/> is a <b>legacy, read-only</b> field retained purely for
+/// backward-compatible deserialization of bundles produced before the
+/// inbound-API-key re-architecture (C4). New exports never populate it (it stays
+/// <c>null</c> and is dropped from the JSON by the serializer's
+/// <c>WhenWritingNull</c> policy); the importer counts any keys present in an old
+/// bundle, ignores them, and surfaces a note — keys are re-created per environment.
+/// </para>
 /// </summary>
 public sealed record BundleContentDto(
     IReadOnlyList<TemplateFolderDto> TemplateFolders,
@@ -39,8 +48,8 @@ public sealed record BundleContentDto(
     IReadOnlyList<DatabaseConnectionDto> DatabaseConnections,
     IReadOnlyList<NotificationListDto> NotificationLists,
     IReadOnlyList<SmtpConfigDto> SmtpConfigs,
-    IReadOnlyList<ApiKeyDto> ApiKeys,
-    IReadOnlyList<ApiMethodDto> ApiMethods);
+    IReadOnlyList<ApiMethodDto> ApiMethods,
+    IReadOnlyList<ApiKeyDto>? ApiKeys = null);
 
 /// <summary>
 /// Carved-off secret values for an entity. The outer DTO carries all non-
@@ -144,16 +153,20 @@ public sealed record SmtpConfigDto(
     TimeSpan RetryDelay,
     SecretsBlock? Secrets);
 
+// Legacy DTO: only deserialized from pre-C4 bundles so the importer can count and
+// ignore the keys they contain. New exports never emit an ApiKeys array.
 public sealed record ApiKeyDto(
     string Name,
     string KeyHash,
     bool IsEnabled,
     SecretsBlock? Secrets);
 
+// ApprovedApiKeyIds is intentionally absent: it linked methods to keys that are no
+// longer transported (re-arch C4). Scopes are re-granted per environment. The field
+// in any old bundle is simply ignored on read.
 public sealed record ApiMethodDto(
     string Name,
     string Script,
-    string? ApprovedApiKeyIds,
     string? ParameterDefinitions,
     string? ReturnDefinition,
     int TimeoutSeconds);
diff --git a/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntitySerializer.cs b/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntitySerializer.cs
index f562bebc..eebe6089 100644
--- a/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntitySerializer.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.Transport/Serialization/EntitySerializer.cs
@@ -153,17 +153,14 @@ public sealed class EntitySerializer
                     RetryDelay: smtp.RetryDelay,
                     Secrets: secrets);
             }).ToList(),
-            // ApiKey stores only KeyHash already; no plaintext to carve. SecretsBlock
-            // stays null per design — KeyHash is on the public DTO.
-            ApiKeys: aggregate.ApiKeys.Select(k => new ApiKeyDto(
-                Name: k.Name,
-                KeyHash: k.KeyHash,
-                IsEnabled: k.IsEnabled,
-                Secrets: null)).ToList(),
+            // Inbound API keys are not transported between environments (re-arch C4):
+            // the bundle carries API methods only. ApiMethod.ApprovedApiKeyIds is also
+            // excluded — it references keys that aren't in the bundle; method→key scopes
+            // are re-granted per environment via the admin UI/CLI. The legacy ApiKeys
+            // field on the DTO stays null (and is dropped by WhenWritingNull).
             ApiMethods: aggregate.ApiMethods.Select(m => new ApiMethodDto(
                 Name: m.Name,
                 Script: m.Script,
-                ApprovedApiKeyIds: m.ApprovedApiKeyIds,
                 ParameterDefinitions: m.ParameterDefinitions,
                 ReturnDefinition: m.ReturnDefinition,
                 TimeoutSeconds: m.TimeoutSeconds)).ToList());
@@ -336,21 +333,15 @@ public sealed class EntitySerializer
             })
             .ToList();
 
-        var apiKeys = content.ApiKeys
-            .Select((dto, ix) =>
-            {
-                var key = ApiKey.FromHash(dto.Name, dto.KeyHash);
-                key.Id = ix + 1;
-                key.IsEnabled = dto.IsEnabled;
-                return key;
-            })
-            .ToList();
-
+        // Inbound API keys are not transported (re-arch C4) — content.ApiKeys is a
+        // legacy field only present on pre-C4 bundles; it is ignored here. The
+        // BundleImporter is responsible for counting and reporting any such keys.
+        // ApiMethod.ApprovedApiKeyIds is likewise not reconstructed: scopes are
+        // re-granted per environment.
         var apiMethods = content.ApiMethods
             .Select((dto, ix) => new ApiMethod(dto.Name, dto.Script)
             {
                 Id = ix + 1,
-                ApprovedApiKeyIds = dto.ApprovedApiKeyIds,
                 ParameterDefinitions = dto.ParameterDefinitions,
                 ReturnDefinition = dto.ReturnDefinition,
                 TimeoutSeconds = dto.TimeoutSeconds,
@@ -366,7 +357,6 @@ public sealed class EntitySerializer
             DatabaseConnections: databaseConnections,
             NotificationLists: notificationLists,
             SmtpConfigurations: smtpConfigurations,
-            ApiKeys: apiKeys,
             ApiMethods: apiMethods);
     }
 }
diff --git a/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportExportPageTests.cs b/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportExportPageTests.cs
index 3c9aa54a..ee4d3425 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportExportPageTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportExportPageTests.cs
@@ -118,7 +118,8 @@ public class TransportExportPageTests : BunitContext
         var db = new DatabaseConnectionDefinition("Hist", "Server=.;") { Id = 30 };
         var notifList = new NotificationList("Ops") { Id = 40 };
         var smtp = new SmtpConfiguration("smtp.example.com", "Basic", "no-reply@example.com") { Id = 50 };
-        var apiKey = new ApiKey("ext-system", "key-hash") { Id = 60 };
+        // Inbound API keys are not transported between environments (re-arch C4) — the
+        // export page no longer offers a keys selection list, only API methods.
         var apiMethod = new ApiMethod("CreateOrder", "// noop") { Id = 70 };
 
         _templateRepo.GetAllTemplatesAsync(Arg.Any<CancellationToken>())
@@ -135,15 +136,14 @@ public class TransportExportPageTests : BunitContext
             .Returns(Task.FromResult<IReadOnlyList<NotificationList>>(new List<NotificationList> { notifList }));
         _notificationRepo.GetAllSmtpConfigurationsAsync(Arg.Any<CancellationToken>())
             .Returns(Task.FromResult<IReadOnlyList<SmtpConfiguration>>(new List<SmtpConfiguration> { smtp }));
-        _inboundApiRepo.GetAllApiKeysAsync(Arg.Any<CancellationToken>())
-            .Returns(Task.FromResult<IReadOnlyList<ApiKey>>(new List<ApiKey> { apiKey }));
         _inboundApiRepo.GetAllApiMethodsAsync(Arg.Any<CancellationToken>())
             .Returns(Task.FromResult<IReadOnlyList<ApiMethod>>(new List<ApiMethod> { apiMethod }));
 
         var cut = Render<TransportExportPage>();
         cut.WaitForState(() => cut.Markup.Contains("Pump"));
 
-        // All six flat groups (plus templates) are present.
+        // All flat groups (plus templates) are present. There is intentionally NO
+        // API-keys group: inbound API keys are not transported (re-arch C4).
         foreach (var groupId in new[]
         {
             "group-templates",
@@ -152,20 +152,23 @@ public class TransportExportPageTests : BunitContext
             "group-db-connections",
             "group-notification-lists",
             "group-smtp-configs",
-            "group-api-keys",
             "group-api-methods",
         })
         {
             Assert.NotNull(cut.Find($"[data-testid='{groupId}']"));
         }
 
+        // The API-keys selection group is gone, replaced by an info note explaining
+        // that keys must be re-created per environment.
+        Assert.Empty(cut.FindAll("[data-testid='group-api-keys']"));
+        Assert.NotNull(cut.Find("[data-testid='api-keys-not-transported']"));
+
         // Sanity: each artifact shows its label.
         Assert.Contains("Helpers", cut.Markup);
         Assert.Contains("ERP", cut.Markup);
         Assert.Contains("Hist", cut.Markup);
         Assert.Contains("Ops", cut.Markup);
         Assert.Contains("smtp.example.com", cut.Markup);
-        Assert.Contains("ext-system", cut.Markup);
         Assert.Contains("CreateOrder", cut.Markup);
 
         // Next button is disabled while no selection exists.
diff --git a/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportImportPageTests.cs b/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportImportPageTests.cs
index f27177e2..113a0531 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportImportPageTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportImportPageTests.cs
@@ -92,7 +92,7 @@ public class TransportImportPageTests : BunitContext
                     Iterations: 600_000,
                     SaltB64: "abc",
                     IvB64: "def"),
-                Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0, 0),
+                Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0),
                 Contents: Array.Empty<ManifestContentEntry>()),
             DecryptedContent = Array.Empty<byte>(),
             ExpiresAt = DateTimeOffset.UtcNow.AddMinutes(30),
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Commons.Tests/Types/Transport/TransportRecordsTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Commons.Tests/Types/Transport/TransportRecordsTests.cs
index ba58da1f..b9a4ca4d 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Commons.Tests/Types/Transport/TransportRecordsTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Commons.Tests/Types/Transport/TransportRecordsTests.cs
@@ -31,7 +31,7 @@ public sealed class TransportRecordsTests
         var summary = new BundleSummary(
             Templates: 2, TemplateFolders: 1, SharedScripts: 3,
             ExternalSystems: 1, DbConnections: 0, NotificationLists: 1,
-            SmtpConfigs: 1, ApiKeys: 0, ApiMethods: 4);
+            SmtpConfigs: 1, ApiMethods: 4);
         var contents = new List<ManifestContentEntry>
         {
             new("Template", "Pump",  1, new List<string> { "Shared.Helpers" }),
@@ -71,7 +71,7 @@ public sealed class TransportRecordsTests
             Iterations: 600_000,
             SaltB64: "c2FsdA==",
             IvB64: "aXY=");
-        var summary = new BundleSummary(1, 0, 0, 0, 0, 0, 0, 0, 0);
+        var summary = new BundleSummary(1, 0, 0, 0, 0, 0, 0, 0);
         var manifest = new BundleManifest(
             BundleFormatVersion: 1,
             SchemaVersion: "1.0",
@@ -116,7 +116,6 @@ public sealed class TransportRecordsTests
             DatabaseConnectionIds: new[] { 20, 21 },
             NotificationListIds: Array.Empty<int>(),
             SmtpConfigurationIds: new[] { 30 },
-            ApiKeyIds: new[] { 40, 41 },
             ApiMethodIds: new[] { 50 },
             IncludeDependencies: true);
 
@@ -137,7 +136,6 @@ public sealed class TransportRecordsTests
             DatabaseConnectionIds: Array.Empty<int>(),
             NotificationListIds: Array.Empty<int>(),
             SmtpConfigurationIds: Array.Empty<int>(),
-            ApiKeyIds: Array.Empty<int>(),
             ApiMethodIds: Array.Empty<int>(),
             IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs b/tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs
index e54af2ad..6ab85964 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.ManagementService.Tests/ManagementActorTests.cs
@@ -1220,7 +1220,7 @@ public class ManagementActorTests : TestKit, IDisposable
             TemplateNames: null, SharedScriptNames: null,
             ExternalSystemNames: null, DatabaseConnectionNames: null,
             NotificationListNames: null, SmtpConfigurationNames: null,
-            ApiKeyNames: null, ApiMethodNames: null,
+            ApiMethodNames: null,
             IncludeDependencies: false, Passphrase: null,
             SourceEnvironment: "test-env");
 
@@ -1283,7 +1283,7 @@ public class ManagementActorTests : TestKit, IDisposable
             SharedScriptNames: null,
             ExternalSystemNames: null, DatabaseConnectionNames: null,
             NotificationListNames: null, SmtpConfigurationNames: null,
-            ApiKeyNames: null, ApiMethodNames: null,
+            ApiMethodNames: null,
             IncludeDependencies: false, Passphrase: null,
             SourceEnvironment: "test-env");
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/CompositionImportTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/CompositionImportTests.cs
index f9ee0c23..b146ead6 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/CompositionImportTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/CompositionImportTests.cs
@@ -69,7 +69,6 @@ public sealed class CompositionImportTests : IDisposable
             DatabaseConnectionIds: Array.Empty<int>(),
             NotificationListIds: Array.Empty<int>(),
             SmtpConfigurationIds: Array.Empty<int>(),
-            ApiKeyIds: Array.Empty<int>(),
             ApiMethodIds: Array.Empty<int>(),
             IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ConflictResolutionTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ConflictResolutionTests.cs
index a6f242d2..e570e92b 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ConflictResolutionTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ConflictResolutionTests.cs
@@ -70,7 +70,6 @@ public sealed class ConflictResolutionTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Export/BundleExporterTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Export/BundleExporterTests.cs
index 32ab4562..e0f4e9a1 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Export/BundleExporterTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Export/BundleExporterTests.cs
@@ -132,7 +132,6 @@ public sealed class BundleExporterTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: true);
 
@@ -222,7 +221,6 @@ public sealed class BundleExporterTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: true);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterApplyTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterApplyTests.cs
index c5b1786f..93a3bf84 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterApplyTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterApplyTests.cs
@@ -15,6 +15,7 @@ using ZB.MOM.WW.ScadaBridge.ConfigurationDatabase.Repositories;
 using ZB.MOM.WW.ScadaBridge.ConfigurationDatabase.Services;
 using ZB.MOM.WW.ScadaBridge.Transport;
 using ZB.MOM.WW.ScadaBridge.Transport.Import;
+using ZB.MOM.WW.ScadaBridge.Transport.Serialization;
 
 namespace ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests.Import;
 
@@ -96,7 +97,6 @@ public sealed class BundleImporterApplyTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: false);
             bundleStream = await exporter.ExportAsync(selection, user: "alice", sourceEnvironment: "dev",
@@ -747,4 +747,96 @@ public sealed class BundleImporterApplyTests : IDisposable
         }
         Assert.Equal(1, result.Overwritten);
     }
+
+    // ─────────────────────────────────────────────────────────────────────
+    // Re-arch C4 backward-compat: a LEGACY (pre-C4) bundle still carries an
+    // ApiKeys section. The importer must ignore those keys gracefully — it must
+    // NOT fail to parse, must NOT create any ApiKey rows, and must surface the
+    // ignored-key count on the result (so the operator knows to re-issue keys).
+    // ─────────────────────────────────────────────────────────────────────
+    [Fact]
+    public async Task ApplyAsync_ignores_legacy_api_keys_in_bundle_without_failing()
+    {
+        // Arrange: hand-pack a legacy bundle whose content JSON contains an
+        // ApiKeys array plus one API method. New exports never emit ApiKeys, so
+        // we build the BundleContentDto directly with a populated (non-null)
+        // legacy ApiKeys list to faithfully simulate a pre-C4 file.
+        var legacyContent = new BundleContentDto(
+            TemplateFolders: Array.Empty<TemplateFolderDto>(),
+            Templates: Array.Empty<TemplateDto>(),
+            SharedScripts: Array.Empty<SharedScriptDto>(),
+            ExternalSystems: Array.Empty<ExternalSystemDto>(),
+            DatabaseConnections: Array.Empty<DatabaseConnectionDto>(),
+            NotificationLists: Array.Empty<NotificationListDto>(),
+            SmtpConfigs: Array.Empty<SmtpConfigDto>(),
+            ApiMethods: new[]
+            {
+                new ApiMethodDto("CreateOrder", "return 1;",
+                    ParameterDefinitions: null, ReturnDefinition: null, TimeoutSeconds: 30),
+            },
+            ApiKeys: new[]
+            {
+                new ApiKeyDto("legacy-key-a", "hash-a", IsEnabled: true, Secrets: null),
+                new ApiKeyDto("legacy-key-b", "hash-b", IsEnabled: false, Secrets: null),
+            });
+
+        Guid sessionId;
+        await using (var scope = _provider.CreateAsyncScope())
+        {
+            var serializer = scope.ServiceProvider.GetRequiredService<BundleSerializer>();
+            var manifestBuilder = scope.ServiceProvider.GetRequiredService<ManifestBuilder>();
+            var importer = scope.ServiceProvider.GetRequiredService<IBundleImporter>();
+
+            var contentBytes = serializer.SerializeContentBytes(legacyContent);
+
+            // Sanity: the packed content really does carry an ApiKeys section, so
+            // the test is exercising the legacy-ignore path rather than a no-op.
+            var contentJson = System.Text.Encoding.UTF8.GetString(contentBytes);
+            Assert.Contains("legacy-key-a", contentJson);
+
+            var manifest = manifestBuilder.Build(
+                sourceEnvironment: "legacy-env",
+                exportedBy: "alice",
+                scadaBridgeVersion: "0.9.0",
+                encryption: null,
+                summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 1),
+                contents: Array.Empty<ManifestContentEntry>(),
+                contentBytes: contentBytes);
+            await using var packed = serializer.Pack(legacyContent, manifest, passphrase: null, encryptor: null);
+
+            using var ms = new MemoryStream();
+            await packed.CopyToAsync(ms);
+            ms.Position = 0;
+            var session = await importer.LoadAsync(ms, passphrase: null);
+            sessionId = session.SessionId;
+        }
+
+        // Act — apply with a resolution only for the method; the keys carry no
+        // resolutions (the preview never surfaces them) and must be ignored.
+        ImportResult result;
+        await using (var scope = _provider.CreateAsyncScope())
+        {
+            var importer = scope.ServiceProvider.GetRequiredService<IBundleImporter>();
+            result = await importer.ApplyAsync(sessionId,
+                new List<ImportResolution> { new("ApiMethod", "CreateOrder", ResolutionAction.Add, null) },
+                user: "bob");
+        }
+
+        // Assert — no keys created, the method WAS created, the ignored count is
+        // surfaced, and the import did not fault.
+        await using (var scope = _provider.CreateAsyncScope())
+        {
+            var inboundRepo = scope.ServiceProvider.GetRequiredService<IInboundApiRepository>();
+            var keys = await inboundRepo.GetAllApiKeysAsync();
+            Assert.Empty(keys);
+
+            var methods = await inboundRepo.GetAllApiMethodsAsync();
+            Assert.Single(methods);
+            Assert.Equal("CreateOrder", methods[0].Name);
+        }
+
+        Assert.Equal(2, result.ApiKeysIgnored);
+        Assert.Equal(1, result.Added);     // the API method
+        Assert.NotEqual(Guid.Empty, result.BundleImportId);
+    }
 }
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterPreviewTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterPreviewTests.cs
index 48b35ed6..ea322373 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterPreviewTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterPreviewTests.cs
@@ -61,7 +61,6 @@ public sealed class BundleImporterPreviewTests : IDisposable
             DatabaseConnectionIds: Array.Empty<int>(),
             NotificationListIds: Array.Empty<int>(),
             SmtpConfigurationIds: Array.Empty<int>(),
-            ApiKeyIds: Array.Empty<int>(),
             ApiMethodIds: Array.Empty<int>(),
             IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterRollbackFailureTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterRollbackFailureTests.cs
index f2ef3e8c..21a80589 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterRollbackFailureTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/Import/BundleImporterRollbackFailureTests.cs
@@ -181,7 +181,6 @@ public sealed class BundleImporterRollbackFailureTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: false);
             bundleStream = await exporter.ExportAsync(selection, user: "alice", sourceEnvironment: "dev",
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/RoundTripTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/RoundTripTests.cs
index 029a1556..577571e6 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/RoundTripTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/RoundTripTests.cs
@@ -122,7 +122,6 @@ public sealed class RoundTripTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: notificationListIds,
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: true);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/SemanticValidatorImportTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/SemanticValidatorImportTests.cs
index 9e7e4bf3..01f2b1f2 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/SemanticValidatorImportTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/SemanticValidatorImportTests.cs
@@ -81,7 +81,6 @@ public sealed class SemanticValidatorImportTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ValidationFailureTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ValidationFailureTests.cs
index fc4a7d09..50cd16a4 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ValidationFailureTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.IntegrationTests/ValidationFailureTests.cs
@@ -84,7 +84,6 @@ public sealed class ValidationFailureTests : IDisposable
                 DatabaseConnectionIds: Array.Empty<int>(),
                 NotificationListIds: Array.Empty<int>(),
                 SmtpConfigurationIds: Array.Empty<int>(),
-                ApiKeyIds: Array.Empty<int>(),
                 ApiMethodIds: Array.Empty<int>(),
                 IncludeDependencies: false);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Export/DependencyResolverTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Export/DependencyResolverTests.cs
index 54bd8465..517fe856 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Export/DependencyResolverTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Export/DependencyResolverTests.cs
@@ -25,7 +25,6 @@ public sealed class DependencyResolverTests
         DatabaseConnectionIds: Array.Empty<int>(),
         NotificationListIds: Array.Empty<int>(),
         SmtpConfigurationIds: Array.Empty<int>(),
-        ApiKeyIds: Array.Empty<int>(),
         ApiMethodIds: Array.Empty<int>(),
         IncludeDependencies: true);
 
@@ -36,7 +35,6 @@ public sealed class DependencyResolverTests
         DatabaseConnectionIds: Array.Empty<int>(),
         NotificationListIds: Array.Empty<int>(),
         SmtpConfigurationIds: Array.Empty<int>(),
-        ApiKeyIds: Array.Empty<int>(),
         ApiMethodIds: ids,
         IncludeDependencies: true);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleImporterLoadTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleImporterLoadTests.cs
index c3a68047..e8d15cb5 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleImporterLoadTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleImporterLoadTests.cs
@@ -43,7 +43,6 @@ public sealed class BundleImporterLoadTests
         DatabaseConnections: Array.Empty<DatabaseConnectionDto>(),
         NotificationLists: Array.Empty<NotificationListDto>(),
         SmtpConfigs: Array.Empty<SmtpConfigDto>(),
-        ApiKeys: Array.Empty<ApiKeyDto>(),
         ApiMethods: Array.Empty<ApiMethodDto>());
 
     private static BundleContentDto SmallContent() => new(
@@ -65,7 +64,6 @@ public sealed class BundleImporterLoadTests
         DatabaseConnections: Array.Empty<DatabaseConnectionDto>(),
         NotificationLists: Array.Empty<NotificationListDto>(),
         SmtpConfigs: Array.Empty<SmtpConfigDto>(),
-        ApiKeys: Array.Empty<ApiKeyDto>(),
         ApiMethods: Array.Empty<ApiMethodDto>());
 
     private sealed class TestTimeProvider : TimeProvider
@@ -132,7 +130,7 @@ public sealed class BundleImporterLoadTests
             exportedBy: "alice",
             scadaBridgeVersion: "1.0.0",
             encryption: null,
-            summary: new BundleSummary(content.Templates.Count, 0, 0, 0, 0, 0, 0, 0, 0),
+            summary: new BundleSummary(content.Templates.Count, 0, 0, 0, 0, 0, 0, 0),
             contents: Array.Empty<ManifestContentEntry>(),
             contentBytes: contentBytes);
         return serializer.Pack(content, manifest, passphrase: null, encryptor: null);
@@ -154,7 +152,7 @@ public sealed class BundleImporterLoadTests
             exportedBy: "alice",
             scadaBridgeVersion: "1.0.0",
             encryption: seed,
-            summary: new BundleSummary(content.Templates.Count, 0, 0, 0, 0, 0, 0, 0, 0),
+            summary: new BundleSummary(content.Templates.Count, 0, 0, 0, 0, 0, 0, 0),
             contents: Array.Empty<ManifestContentEntry>(),
             contentBytes: contentBytes);
         return serializer.Pack(content, manifest, passphrase, encryptor);
@@ -450,7 +448,7 @@ public sealed class BundleImporterLoadTests
             ScadaBridgeVersion: "1.0.0",
             ContentHash: "sha256:" + Convert.ToHexString(SHA256.HashData(contentBytes)).ToLowerInvariant(),
             Encryption: null,
-            Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0, 0),
+            Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0),
             Contents: Array.Empty<ManifestContentEntry>());
 
         var bundleStream = HandCraftZip(forwardManifest, contentBytes, encrypted: false);
@@ -473,7 +471,7 @@ public sealed class BundleImporterLoadTests
             exportedBy: "alice",
             scadaBridgeVersion: "1.0.0",
             encryption: null,
-            summary: new BundleSummary(1, 0, 0, 0, 0, 0, 0, 0, 0),
+            summary: new BundleSummary(1, 0, 0, 0, 0, 0, 0, 0),
             contents: Array.Empty<ManifestContentEntry>(),
             contentBytes: originalContentBytes);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleSessionStoreTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleSessionStoreTests.cs
index 69deaef7..91d77e6b 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleSessionStoreTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/BundleSessionStoreTests.cs
@@ -26,7 +26,7 @@ public sealed class BundleSessionStoreTests
         ScadaBridgeVersion: "1",
         ContentHash: "0",
         Encryption: null,
-        Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0, 0),
+        Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0),
         Contents: Array.Empty<ManifestContentEntry>());
 
     [Fact]
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/BundleSerializerTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/BundleSerializerTests.cs
index fcdaa364..e8931cdd 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/BundleSerializerTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/BundleSerializerTests.cs
@@ -21,7 +21,6 @@ public sealed class BundleSerializerTests
         DatabaseConnections: Array.Empty<DatabaseConnectionDto>(),
         NotificationLists: Array.Empty<NotificationListDto>(),
         SmtpConfigs: Array.Empty<SmtpConfigDto>(),
-        ApiKeys: Array.Empty<ApiKeyDto>(),
         ApiMethods: Array.Empty<ApiMethodDto>());
 
     private static BundleManifest BuildManifestFor(byte[] contentBytes, EncryptionMetadata? encryption = null) =>
@@ -30,7 +29,7 @@ public sealed class BundleSerializerTests
             exportedBy: "tester",
             scadaBridgeVersion: "1.0.0",
             encryption: encryption,
-            summary: new BundleSummary(0, 1, 1, 0, 0, 0, 0, 0, 0),
+            summary: new BundleSummary(0, 1, 1, 0, 0, 0, 0, 0),
             contents: Array.Empty<ManifestContentEntry>(),
             contentBytes: contentBytes);
 
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/EntitySerializerTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/EntitySerializerTests.cs
index b6c1bb93..a4604310 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/EntitySerializerTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/EntitySerializerTests.cs
@@ -19,7 +19,6 @@ public sealed class EntitySerializerTests
         DatabaseConnections: Array.Empty<DatabaseConnectionDefinition>(),
         NotificationLists: Array.Empty<NotificationList>(),
         SmtpConfigurations: Array.Empty<SmtpConfiguration>(),
-        ApiKeys: Array.Empty<ApiKey>(),
         ApiMethods: Array.Empty<ApiMethod>());
 
     [Fact]
@@ -217,7 +216,6 @@ public sealed class EntitySerializerTests
             DatabaseConnections: Array.Empty<DatabaseConnectionDto>(),
             NotificationLists: Array.Empty<NotificationListDto>(),
             SmtpConfigs: Array.Empty<SmtpConfigDto>(),
-            ApiKeys: Array.Empty<ApiKeyDto>(),
             ApiMethods: Array.Empty<ApiMethodDto>());
 
         var aggregate = new EntitySerializer().FromBundleContent(dto);
diff --git a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/ManifestBuilderTests.cs b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/ManifestBuilderTests.cs
index 31de5388..44ccf545 100644
--- a/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/ManifestBuilderTests.cs
+++ b/tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Serialization/ManifestBuilderTests.cs
@@ -7,14 +7,14 @@ namespace ZB.MOM.WW.ScadaBridge.Transport.Tests.Serialization;
 
 public sealed class ManifestBuilderTests
 {
-    private static BundleSummary EmptySummary => new(0, 0, 0, 0, 0, 0, 0, 0, 0);
+    private static BundleSummary EmptySummary => new(0, 0, 0, 0, 0, 0, 0, 0);
     private static IReadOnlyList<ManifestContentEntry> NoContents => Array.Empty<ManifestContentEntry>();
 
     [Fact]
     public void Build_populates_summary_from_contents()
     {
         var sut = new ManifestBuilder();
-        var summary = new BundleSummary(2, 1, 0, 0, 0, 0, 0, 0, 0);
+        var summary = new BundleSummary(2, 1, 0, 0, 0, 0, 0, 0);
         var contents = new[]
         {
             new ManifestContentEntry("Template", "T1", 1, Array.Empty<string>()),