PATCH /project-keys/{project_key_id}
Update Project Key
curl --request PATCH \
  --url https://api.streamkap.com/project-keys/{project_key_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "description": "<string>",
  "role_ids": [
    "<string>"
  ],
  "permission_ids": [
    "<string>"
  ],
  "kafka_acls": [
    {
      "topic_name": "<string>",
      "operation": "<string>",
      "resource_pattern_type": "<string>",
      "resource": "TOPIC"
    }
  ],
  "whitelist_ips": "<string>",
  "kafka_config": {
    "username": "<string>",
    "password": "<string>",
    "whitelist_ips": "<string>",
    "kafka_acls": [
      {
        "topic_name": "<string>",
        "operation": "<string>",
        "resource_pattern_type": "<string>",
        "resource": "TOPIC"
      }
    ],
    "is_create_schema_registry": false
  },
  "kafka_password": "<string>",
  "tool_profile": "full",
  "allowed_tools": [
    "<string>"
  ],
  "blocked_tools": [
    "<string>"
  ]
}
'

{
  "id": "<string>",
  "name": "<string>",
  "service_id": "<string>",
  "status": "<string>",
  "description": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "created_by_user": {
    "id": "<string>",
    "email": "<string>",
    "name": "<string>",
    "tenant_id": "<string>",
    "profile_picture_url": "<string>",
    "phone_number": "<string>",
    "created_at": "<string>",
    "last_login": "<string>"
  },
  "api_client_id": "<string>",
  "api_client_id_masked_secret": "<string>",
  "kafka_username": "<string>",
  "roles": [
    {
      "id": "<string>",
      "key": "<string>",
      "name": "<string>",
      "description": "<string>",
      "created_at": "<string>",
      "updated_at": "<string>",
      "permissions": [
        "<string>"
      ]
    }
  ],
  "last_used_at": "2023-11-07T05:31:56Z",
  "tool_profile": "full",
  "allowed_tools": [
    "<string>"
  ],
  "blocked_tools": [
    "<string>"
  ],
  "new_api_credentials": {
    "client_id": "<string>",
    "client_secret": "<string>",
    "token_endpoint": "<string>",
    "api_url": "<string>",
    "roles": [
      "<string>"
    ]
  },
  "new_kafka_credentials": {
    "username": "<string>",
    "password": "<string>",
    "bootstrap_servers": "<string>",
    "security_protocol": "SASL_SSL",
    "sasl_mechanism": "PLAIN",
    "schema_registry_url": "<string>"
  },
  "token_ttl_seconds": 123,
  "warnings": [
    "<string>"
  ]
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

project_key_id
string
required

Body

application/json

Request body for updating a Project Key.

name
string | null

Updated name

Required string length: 1 - 100

description
string | null

Updated description (HTML sanitized)

role_ids
string[] | null

Change the Frontegg roles for this PK, or assign roles when adding API access to a Kafka-only PK. Note: changing roles on an existing API credential only takes effect when the current JWT expires. See token_ttl_seconds in the detail response for the validity window.

Minimum array length: 1

permission_ids
string[] | null

Assign fine-grained permissions when ADDING API access to a Kafka-only PK. Changing permissions on an existing API credential is NOT supported — to change permissions on an existing PK, either switch to role_ids or delete and recreate the PK. This field is only accepted when the PK has no api_client_id yet.

Minimum array length: 1

kafka_acls
KafkaAclModel · object[] | null

whitelist_ips
string | null

kafka_config
ProjectKeyKafkaConfig · object

Add Kafka access to a PK that currently has none. Only valid when the PK has no Kafka user yet.

kafka_password
string | null

Rotate the Kafka SASL password for an existing Kafka user. PK must have kafka_username.

Required string length: 12 - 128

tool_profile
enum<string> | null
Available options: full, read-only, agent-operator, infra-admin

allowed_tools
string[] | null

blocked_tools
string[] | null
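
The constraints in the field descriptions above can be checked on the client before the request is sent. This is an added example, not Streamkap's code: `check_update` and the `current` dict (the key's existing state, shaped like the response body) are assumptions made for illustration.

```python
# Added example: client-side preflight for PATCH /project-keys/{project_key_id}.
# The rules come from the field descriptions on this page; check_update is a
# hypothetical helper, not part of any Streamkap SDK.
TOOL_PROFILES = {"full", "read-only", "agent-operator", "infra-admin"}


def check_update(current: dict, patch: dict) -> list[str]:
    """Return the documented constraints that `patch` violates.

    `current` is the key's existing state (same shape as the response body).
    """
    errors = []
    has_api = bool(current.get("api_client_id"))
    has_kafka = bool(current.get("kafka_username"))

    name = patch.get("name")
    if name is not None and not 1 <= len(name) <= 100:
        errors.append("name: length must be 1-100")

    for field in ("role_ids", "permission_ids"):
        value = patch.get(field)
        if value is not None and len(value) < 1:
            errors.append(f"{field}: needs at least one entry")

    # permission_ids is additive only: rejected once API credentials exist.
    if patch.get("permission_ids") is not None and has_api:
        errors.append("permission_ids: only accepted when the PK has no "
                      "api_client_id; use role_ids or recreate the PK")

    # kafka_config adds Kafka access; kafka_password rotates an existing user.
    if patch.get("kafka_config") is not None and has_kafka:
        errors.append("kafka_config: PK already has a Kafka user")

    password = patch.get("kafka_password")
    if password is not None:
        if not has_kafka:
            errors.append("kafka_password: PK must have kafka_username")
        if not 12 <= len(password) <= 128:
            errors.append("kafka_password: length must be 12-128")

    profile = patch.get("tool_profile")
    if profile is not None and profile not in TOOL_PROFILES:
        errors.append(f"tool_profile: {profile!r} is not a listed option")
    return errors
```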

Response

Successful Response

Response for PATCH /project-keys/{id}.

Extends the summary with plaintext secrets when an additive capability transition occurred. For regular updates (no capability change), both new_api_credentials and new_kafka_credentials are None.

id
string
required

name
string
required

service_id
string
required

status
string
required

description
string | null

created_at
string<date-time> | null

created_by_user
User · object

api_client_id
string | null

api_client_id_masked_secret
string | null

kafka_username
string | null

roles
Role · object[]

last_used_at
string<date-time> | null

tool_profile
enum<string> | null
Available options: full, read-only, agent-operator, infra-admin

allowed_tools
string[] | null

blocked_tools
string[] | null

new_api_credentials
ProjectKeyApiCredentials · object

Present only when API credentials were ADDED to a Kafka-only PK. Contains the plaintext client_secret — shown only once.

new_kafka_credentials
ProjectKeyKafkaCredentials · object

Present only when Kafka access was ADDED to an API-only PK. Contains the plaintext Kafka password — shown only once.

token_ttl_seconds
integer

Current Frontegg JWT TTL in seconds (dynamic). Used by the frontend to compute how long role changes take to propagate.

warnings
string[]

Non-blocking informational messages the frontend should surface to the user after the update (e.g. 'role changes take effect within X hours'). Empty list when there is nothing to warn about.
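
Because the plaintext secrets appear only in this one response, a client should separate them from anything it logs, and should treat role changes as pending until already-issued tokens expire. This is an added example, not part of the Streamkap documentation or SDK: `split_response`, `roles_effective_by` and the sample response values are constructed for illustration.

```python
import copy
from datetime import datetime, timedelta, timezone

# (object, field) pairs this page says hold plaintext that is shown only once.
ONE_TIME_SECRETS = (("new_api_credentials", "client_secret"),
                    ("new_kafka_credentials", "password"))

# Constructed sample response; every value here is made up for the example.
SAMPLE = {
    "id": "pk-constructed", "name": "etl", "service_id": "svc", "status": "ok",
    "new_api_credentials": {"client_id": "cid", "client_secret": "s3cr3t-once"},
    "new_kafka_credentials": None,
    "token_ttl_seconds": 3600,
    "warnings": [],
}


def split_response(resp: dict) -> tuple[dict, dict]:
    """Return (copy with one-time secrets masked, secrets to hand to a vault)."""
    safe = copy.deepcopy(resp)          # never mutate the caller's response
    secrets = {}
    for obj, field in ONE_TIME_SECRETS:
        creds = safe.get(obj)           # None/absent on regular updates
        if creds and creds.get(field):
            secrets[f"{obj}.{field}"] = creds[field]
            creds[field] = "***"
    return safe, secrets


def roles_effective_by(resp: dict, updated_at: datetime) -> datetime:
    """Latest time a JWT issued before the update can still carry old roles."""
    ttl = resp.get("token_ttl_seconds") or 0
    return updated_at + timedelta(seconds=ttl)


if __name__ == "__main__":
    safe, secrets = split_response(SAMPLE)
    print(safe)             # masked copy, suitable for logs
    print(sorted(secrets))  # names only; the values belong in a secret store
    print(roles_effective_by(SAMPLE, datetime.now(timezone.utc)))
```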