API ReferenceByok

Update a BYOK provider credential

Update an existing bring-your-own-key (BYOK) provider credential by its id. Include the key field to rotate the raw provider API key in-place (the previous key material is overwritten). Management key required.

Authentication

AuthorizationBearer
API key as bearer token in Authorization header

Path parameters

idstringRequiredformat: "uuid"

The BYOK credential ID (UUID).

Request

This endpoint expects an object.
allowed_modelslist of strings or nullOptional

Optional allowlist of model slugs this credential may be used for. null means no restriction.

allowed_user_idslist of strings or nullOptional

Optional allowlist of user IDs that may use this credential. null means no restriction.

disabledbooleanOptional
Whether this credential is disabled.
is_fallbackbooleanOptional

Whether this credential is treated as a fallback — used only after non-fallback keys for the same provider have been tried.

keystringOptional>=1 character

A new raw provider API key to rotate the credential in-place. The previous key material is overwritten and the masked label is regenerated. Encrypted at rest and never returned in API responses.

namestring or nullOptional<=255 characters

Optional human-readable name for the credential.

Response

BYOK credential updated successfully
dataobject
The updated BYOK credential.

Errors

400
Bad Request Error
401
Unauthorized Error
404
Not Found Error
500
Internal Server Error