diff --git a/cmd/apikey.go b/cmd/apikey.go
index 49aab1e346..58a5e50f93 100644
--- a/cmd/apikey.go
+++ b/cmd/apikey.go
@@ -116,7 +116,7 @@ If neither of them are, an error will be returned.`,
 				// TODO(axw) this should trigger usage
 				return errors.New(`either "id" or "name" are required`)
 			}
-			return invalidateAPIKey(client, &id, &name, json)
+			return invalidateAPIKey(client, id, name, json)
 		}),
 	}
 	invalidate.Flags().StringVar(&id, "id", "", "id of the API Key to delete")
@@ -393,17 +393,12 @@ func getAPIKey(client es.Client, id, name *string, validOnly, asJSON bool) error
 	return nil
 }
 
-func invalidateAPIKey(client es.Client, id, name *string, asJSON bool) error {
-	if isSet(id) {
-		name = nil
-	} else if isSet(name) {
-		id = nil
-	}
-	invalidateKeysRequest := es.InvalidateAPIKeyRequest{
-		APIKeyQuery: es.APIKeyQuery{
-			ID:   id,
-			Name: name,
-		},
+func invalidateAPIKey(client es.Client, id string, name string, asJSON bool) error {
+	invalidateKeysRequest := es.InvalidateAPIKeyRequest{}
+	if id != "" {
+		invalidateKeysRequest.IDs = []string{id}
+	} else if name != "" {
+		invalidateKeysRequest.Name = &name
 	}
 	invalidation, err := es.InvalidateAPIKey(context.Background(), client, invalidateKeysRequest)
 	if err != nil {
diff --git a/elasticsearch/security_api.go b/elasticsearch/security_api.go
index 459ffd4eab..cd052ad4ee 100644
--- a/elasticsearch/security_api.go
+++ b/elasticsearch/security_api.go
@@ -97,7 +97,9 @@ type HasPrivilegesResponse struct {
 }
 
 type InvalidateAPIKeyRequest struct {
-	APIKeyQuery
+	// normally the Elasticsearch API will require either Ids or Name, but not both
+	IDs  []string `json:"ids,omitempty"`
+	Name *string  `json:"name,omitempty"`
 }
 
 type InvalidateAPIKeyResponse struct {