Ana içeriğe atla

Endpoint

PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/keys/

Authentication

Requires a Personal API Access Token. 
Authorization: Bearer YOUR_TOKEN

Request

Headers

HeaderValueRequired
AuthorizationBearer Yes
Content-Typeapplication/jsonYes

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Request Body

Full JSON Body Example - Update Both Keys

{
  "publicKey": "ak_1234567890abcdef",
  "secretKey": "sk_9876543210fedcba"
}

Full JSON Body Example - Update Only Public Key

{
  "publicKey": "ak_1234567890abcdef"
}

Full JSON Body Example - Update Only Secret Key

{
  "secretKey": "sk_9876543210fedcba"
}

Request Body Fields

FieldTypeRequiredDefaultDescription
publicKeystringNo-API Proxy public key (API Key). If provided, must not be blank
secretKeystringNo-API Proxy secret key. If provided, must not be blank

Notes

  • At least one of publicKey or secretKey must be provided
  • If a key is provided, it must not be blank (empty string or whitespace)
  • Keys are stored securely and used for API Proxy authentication
  • Public Key is typically used for identification
  • Secret Key is used for authentication and should be kept confidential
  • Keys can be updated independently (you can update only one key if needed)

Response

Success Response (200 OK)

{
  "success": true
}

Response Fields

FieldTypeDescription
successbooleanIndicates if the request was successful

Error Response (400 Bad Request)

{
  "error": "bad_request",
  "error_description": "At least one key (publicKey or secretKey) must be provided"
}

Common Causes

  • Both publicKey and secretKey are missing or null
  • Provided key is blank (empty string or whitespace)

Error Response (401 Unauthorized)

{
  "error": "unauthorized_client",
  "error_description": "Invalid token"
}

Error Response (404 Not Found)

{
  "error": "not_found",
  "error_description": "ApiProxy (name: MyAPI) was not found!"
}

cURL Example

Example 1: Update Both Keys

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "publicKey": "ak_1234567890abcdef",
    "secretKey": "sk_9876543210fedcba"
  }'

Example 2: Update Only Public Key

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "publicKey": "ak_new_public_key_12345"
  }'

Example 3: Update Only Secret Key

curl -X PATCH \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "secretKey": "sk_new_secret_key_67890"
  }'

Notes and Warnings

  • Key Format:
    • Keys can be any non-blank string
    • Common formats include prefixes like ak_ for public keys and sk_ for secret keys
    • Keys are case-sensitive
  • Key Security:
    • Secret keys should be kept confidential
    • Do not expose secret keys in logs, documentation, or version control
    • Rotate keys regularly for security
  • Partial Updates:
    • You can update only one key if needed
    • The other key will remain unchanged
  • Blank Values:
    • Keys cannot be blank (empty string or whitespace)
    • If a key is provided, it must contain at least one non-whitespace character
  • Key Uniqueness:
    • Keys should be unique across API Proxies
    • Duplicate keys may cause authentication conflicts

Permissions

User must have API_MANAGEMENT + MANAGE permission in the project.
  • Immediate Effect:
    • Key changes take effect immediately
    • Existing authenticated sessions may be affected
  • Key Storage:
    • Keys are stored securely in the database
    • Keys are encrypted at rest
  • API Proxy Identification:
    • Public keys are often used for API Proxy identification
    • Secret keys are used for authentication and authorization