Skip to main content
PATCH
/
api_keys
/
{api_key_id}
Update API Key Scopes
curl --request PATCH \
  --url https://api.example.com/api_keys/{api_key_id} \
  --header 'Content-Type: application/json' \
  --data '
{
  "scopes": [
    {
      "resource_id": "<string>",
      "resource_type": "<string>",
      "role": "discoverer"
    }
  ]
}
'
{
  "created_by": "<string>",
  "id": "<string>",
  "key_prefix": "<string>",
  "name": "<string>",
  "org_id": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "description": "<string>",
  "last_used_at": "2023-11-07T05:31:56Z",
  "revoked_at": "2023-11-07T05:31:56Z",
  "scopes": [
    {
      "resource_id": "<string>",
      "resource_type": "<string>",
      "role": "discoverer"
    }
  ],
  "sharing_group_ids": [
    "<string>"
  ]
}

Documentation Index

Fetch the complete documentation index at: https://docs.terminaluse.com/llms.txt

Use this file to discover all available pages before exploring further.

Each scope grants a role on a specific resource: 
{
  "resource_type": "agent",
  "resource_id": "agt_xxx",
  "role": "editor"
}

Valid Roles by Resource Type

Resource TypeValid Roles
orgadmin, member
namespaceadmin
projectdiscoverer, viewer, editor, owner
agentdiscoverer, viewer, editor, owner, executor
The executor role is legacy and is normalized to viewer internally, but still grants run permission.

Path Parameters

api_key_id
string
required

Body

application/json

Request model for updating API key scopes.

scopes
ApiKeyScope · object[]
required

Updated list of resource scopes.

Minimum array length: 1

Response

Successful Response

Response model for API key (excludes sensitive data).

created_by
string
required

member_id of the creator.

id
string
required

The unique identifier of the API key.

key_prefix
string
required

Display prefix (e.g., 'sk_tu_abc...').

name
string
required

Human-readable name for the API key.

org_id
string
required

WorkOS organization ID.

created_at
string<date-time> | null

When the key was created.

description
string | null

Optional description.

last_used_at
string<date-time> | null

When the key was last used.

revoked_at
string<date-time> | null

When the key was revoked (soft delete).

scopes
ApiKeyScope · object[]

List of resource scopes for this API key.

sharing_group_ids
string[]

Groups that receive default admin grants on resources created by this key.