keys

Update key settings

Update key properties in response to plan changes, subscription updates, or account status changes.

Use this for user upgrades/downgrades, role modifications, or administrative changes. Supports partial updates - only specify fields you want to change. Set fields to null to clear them.

Important: Permissions and roles are replaced entirely. Use dedicated add/remove endpoints for incremental changes.

Required Permissions

Your root key must have one of the following permissions:

api.*.update_key (to update keys in any API)
api.<api_id>.update_key (to update keys in a specific API)

Side Effects

If you specify an externalId that doesn’t exist, a new identity will be automatically created and linked to the key. Permission updates will auto-create any permissions that don’t exist in your workspace. Changes take effect immediately but may take up to 30 seconds to propagate to all edge regions due to cache invalidation.

POST

keys.updateKey

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.UpdateKey(ctx, components.V2KeysUpdateKeyRequestBody{
        KeyID: "key_2cGKbMxRyIzhCxo1Idjz8q",
        Name: unkey.String("Payment Service Production Key"),
        ExternalID: unkey.String("user_912a841d"),
        Meta: map[string]any{
            "plan": "enterprise",
            "limits": map[string]any{
                "storage": "500GB",
                "compute": "1000 minutes/month",
            },
            "features": []any{
                "analytics",
                "exports",
                "webhooks",
            },
            "hasAcceptedTerms": true,
            "billing": map[string]any{
                "cycle": "monthly",
                "next_billing": "2024-01-15",
            },
            "preferences": map[string]any{
                "timezone": "UTC",
                "notifications": true,
            },
            "lastBillingDate": "2023-10-15",
        },
        Expires: unkey.Int64(1704067200000),
        Credits: &components.KeyCreditsData{
            Remaining: unkey.Int64(1000),
            Refill: &components.KeyCreditsRefill{
                Interval: components.IntervalDaily,
                Amount: 1000,
                RefillDay: unkey.Int64(15),
            },
        },
        Ratelimits: []components.RatelimitRequest{
            components.RatelimitRequest{
                Name: "api",
                Limit: 453542,
                Duration: 350222,
            },
        },
        Enabled: unkey.Bool(true),
        Roles: []string{
            "api_admin",
            "billing_reader",
        },
        Permissions: []string{
            "documents.read",
            "documents.write",
            "settings.view",
        },
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysUpdateKeyResponseBody != nil {
        // handle response
    }
}

{
  "data": {},
  "meta": {
    "requestId": "req_01H9TQPP77V5E48E9SH0BG0ZQY"
  }
}

Authorizations

Authorization

string

header

required

Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:

Authorization: Bearer unkey_123

Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api). Security best practices:

Keep root keys secure and never expose them in client-side code
Use different root keys for different environments
Rotate keys periodically, especially after team member departures
Create keys with minimal necessary permissions following least privilege principle
Monitor key usage with audit logs.

Body

application/json

Response

200

application/json

Key updated successfully. Changes take effect immediately with up to 30-second edge propagation.

The response is of type object.

Verify API keyVerify an API key's validity and permissions for request authentication. Use this endpoint on every incoming request to your protected resources. It checks key validity, permissions, rate limits, and usage quotas in a single call. **Important**: Always returns HTTP 200. Check the `valid` field in response data to determine if the key is authorized. **Common use cases:** - Authenticate API requests before processing - Enforce permission-based access control - Track usage and apply rate limits **Required Permissions** Your root key needs one of: - `api.*.verify_key` (verify keys in any API) - `api.<api_id>.verify_key` (verify keys in specific API) If you are getting a NOT_FOUND error, ensure your root key has the required verify key permissions.

Go (SDK)

package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Keys.UpdateKey(ctx, components.V2KeysUpdateKeyRequestBody{
        KeyID: "key_2cGKbMxRyIzhCxo1Idjz8q",
        Name: unkey.String("Payment Service Production Key"),
        ExternalID: unkey.String("user_912a841d"),
        Meta: map[string]any{
            "plan": "enterprise",
            "limits": map[string]any{
                "storage": "500GB",
                "compute": "1000 minutes/month",
            },
            "features": []any{
                "analytics",
                "exports",
                "webhooks",
            },
            "hasAcceptedTerms": true,
            "billing": map[string]any{
                "cycle": "monthly",
                "next_billing": "2024-01-15",
            },
            "preferences": map[string]any{
                "timezone": "UTC",
                "notifications": true,
            },
            "lastBillingDate": "2023-10-15",
        },
        Expires: unkey.Int64(1704067200000),
        Credits: &components.KeyCreditsData{
            Remaining: unkey.Int64(1000),
            Refill: &components.KeyCreditsRefill{
                Interval: components.IntervalDaily,
                Amount: 1000,
                RefillDay: unkey.Int64(15),
            },
        },
        Ratelimits: []components.RatelimitRequest{
            components.RatelimitRequest{
                Name: "api",
                Limit: 453542,
                Duration: 350222,
            },
        },
        Enabled: unkey.Bool(true),
        Roles: []string{
            "api_admin",
            "billing_reader",
        },
        Permissions: []string{
            "documents.read",
            "documents.write",
            "settings.view",
        },
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2KeysUpdateKeyResponseBody != nil {
        // handle response
    }
}

{
  "data": {},
  "meta": {
    "requestId": "req_01H9TQPP77V5E48E9SH0BG0ZQY"
  }
}

Introduction

Endpoints

Update key settings

Authorizations

Body

Response