Skip to main content
PATCH
/
v1
/
api-keys
/
{id}
Update API Key
curl --request PATCH \
  --url https://api.example.com/v1/api-keys/{id} \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "scopes": [
    "<string>"
  ],
  "expires_at": "<string>",
  "metadata": {}
}
'

Overview

Updates an API key. The raw key value is never affected — use Rotate API Key to issue new credentials. Metadata uses merge semantics (null values remove keys). Scope changes are subject to escalation prevention: you cannot grant scopes that the calling key does not already hold. System keys cannot be modified. Requires the api-keys:manage scope.

Path Parameters

id
string
required
API key ID (key_...).

Request Body

name
string
New name (1-255 characters).
scopes
string[]
Replacement scope list (at least one). Subject to escalation prevention.
expires_at
string
New expiry as an ISO 8601 timestamp, or null to clear. Must be in the future.
metadata
object
Metadata patch. Values may be strings or null.

Response

Returns the updated API key. Same shape as Get API Key.

Code Examples

curl -X PATCH "https://api.signa.so/v1/api-keys/key_abc123" \
  -H "Authorization: Bearer sig_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production server (renamed)",
    "scopes": ["trademarks:read", "search:read"],
    "metadata": { "owner": "platform-team" }
  }'

Errors

StatusTypeDescription
400validation_errorEmpty name, invalid scope, expires_at not in the future
401unauthorizedMissing or invalid API key
403forbiddenAPI key lacks api-keys:manage, target key is a system key, or scope escalation attempted
404not_foundAPI key does not exist or belongs to another org