Update API Keys
Endpoint
PATCH /apiops/projects/{projectName}/apiProxies/{apiProxyName}/settings/keys/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| apiProxyName | string | Yes | API Proxy name |
Request Body
Full JSON Body Example - Update Both Keys
{
"publicKey": "ak_1234567890abcdef",
"secretKey": "sk_9876543210fedcba",
"deploy": false,
"deployTargetEnvironmentNameList": []
}
Full JSON Body Example - Update Only Public Key
{
"publicKey": "ak_1234567890abcdef"
}
Full JSON Body Example - Update Only Secret Key
{
"secretKey": "sk_9876543210fedcba"
}
Request Body Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| publicKey | string | No | - | API Proxy public key (API Key). If provided, must not be blank |
| secretKey | string | No | - | API Proxy secret key. If provided, must not be blank |
| deploy | boolean | No | false | If true, deploy the API proxy after saving changes |
| deployTargetEnvironmentNameList | array[string] | No | - | List of environment names to deploy to (required when deploy=true) |
Notes
- At least one of
publicKeyorsecretKeymust be provided - If a key is provided, it must not be blank (empty string or whitespace)
- Keys are stored securely and used for API Proxy authentication
- Public Key is typically used for identification
- Secret Key is used for authentication and should be kept confidential
- Keys can be updated independently (you can update only one key if needed)
Response
Success Response (200 OK)
{
"success": true
}
When deploy=true is specified:
{
"success": true,
"deploymentResult": {
"success": true,
"deploymentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployment successful"
}
]
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request was successful |
| deploymentResult | object | Only present when deploy=true |
| deploymentResult.success | boolean | Overall deployment success status |
| deploymentResult.deploymentResults | array | Per-environment deployment results |
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "At least one key (publicKey or secretKey) must be provided"
}
Common Causes
- Both
publicKeyandsecretKeyare missing or null - Provided key is blank (empty string or whitespace)
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "ApiProxy (name: MyAPI) was not found!"
}
cURL Example
Example 1: Update Both Keys
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"publicKey": "ak_1234567890abcdef",
"secretKey": "sk_9876543210fedcba"
}'
Example 2: Update Only Public Key
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"publicKey": "ak_new_public_key_12345"
}'
Example 3: Update Only Secret Key
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"secretKey": "sk_new_secret_key_67890"
}'
Example 4: Save and Deploy
curl -X PATCH \
"https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/settings/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"publicKey": "ak_1234567890abcdef",
"deploy": true,
"deployTargetEnvironmentNameList": ["production"]
}'
Notes and Warnings
- Key Format:
- Keys can be any non-blank string
- Common formats include prefixes like
ak_for public keys andsk_for secret keys - Keys are case-sensitive
- Key Security:
- Secret keys should be kept confidential
- Do not expose secret keys in logs, documentation, or version control
- Rotate keys regularly for security
- Partial Updates:
- You can update only one key if needed
- The other key will remain unchanged
- Blank Values:
- Keys cannot be blank (empty string or whitespace)
- If a key is provided, it must contain at least one non-whitespace character
- Key Uniqueness:
- Keys should be unique across API Proxies
- Duplicate keys may cause authentication conflicts
Permissions
User must have API_MANAGEMENT + MANAGE permission in the project.
- Immediate Effect:
- Key changes take effect immediately
- Existing authenticated sessions may be affected
- Key Storage:
- Keys are stored securely in the database
- Keys are encrypted at rest
- Deploy: When
deploy=true, the API proxy is automatically deployed to the specified environments after saving - API Proxy Identification:
- Public keys are often used for API Proxy identification
- Secret keys are used for authentication and authorization
Related Documentation
- Get API Proxy - Get API proxy details (includes current keys)
- Update Metadata - Update API proxy metadata
- Create API Proxy - Create new API proxy