> ## Documentation Index > Fetch the complete documentation index at: https://docs.streamkap.com/llms.txt > Use this file to discover all available pages before exploring further. # Update Project Key > Update a Project Key's name, description, roles, tool scoping, or Kafka ACLs. Supports additive capability transitions: - Send `kafka_config` on an API-only PK to add Kafka access. Response will include `new_kafka_credentials` with the plaintext Kafka password (shown once). - Send `role_ids` or `permission_ids` on a Kafka-only PK to add API credentials. Response will include `new_api_credentials` with the plaintext client_secret (shown once). Returns 400 if the key is in creating/deleting/delete_failed state. role_ids and permission_ids are mutually exclusive. ## OpenAPI ````yaml /openapi/openapi.json patch /project-keys/{project_key_id} openapi: 3.1.0 info: title: Streamkap REST API description: >- The Streamkap REST API allows you to programmatically manage your CDC pipelines, sources, destinations, transforms, and more. Authenticate using a bearer token obtained from the [Access Token](/api-reference/auth/access-token) endpoint with your API client credentials. contact: name: Streamkap Support url: https://streamkap.com/ email: support@streamkap.com license: name: Proprietary version: 2.0.0 servers: - url: https://api.streamkap.com description: Production security: [] tags: - name: Alerts description: Manage alert subscribers, preferences, and notification credentials. - name: Authentication description: Obtain and refresh access tokens, manage client credentials and roles. - name: Billing description: Retrieve usage metrics, summaries, and export billing data. - name: Consumer Groups description: List, inspect, and reset Kafka consumer group offsets. - name: Dashboard description: Retrieve organisation-level statistics and overview data. - name: Destinations description: Create, configure, and manage data destinations and their lifecycle. - name: Kafka Access description: Manage Kafka users and their access permissions. - name: Logs description: Query and summarise system logs. - name: Pipelines description: Create, configure, and manage CDC pipelines and their lifecycle. - name: Project Keys description: Manage project keys that bundle API credentials and optional Kafka access. - name: Schema Registry description: Browse schema subjects, versions, and retrieve schema definitions. - name: Services description: View and switch service metadata. - name: Sources description: >- Create, configure, and manage data sources, snapshots, and their lifecycle. - name: Tags description: Create, update, and manage resource tags for organisation. - name: Topics description: Browse topic details, statistics, configurations, metrics, and messages. - name: Transforms description: >- Create, deploy, and manage data transforms, unit tests, and implementation details. paths: /project-keys/{project_key_id}: patch: tags: - Project Keys summary: Update Project Key description: >- Update a Project Key's name, description, roles, tool scoping, or Kafka ACLs. Supports additive capability transitions: - Send `kafka_config` on an API-only PK to add Kafka access. Response will include `new_kafka_credentials` with the plaintext Kafka password (shown once). - Send `role_ids` or `permission_ids` on a Kafka-only PK to add API credentials. Response will include `new_api_credentials` with the plaintext client_secret (shown once). Returns 400 if the key is in creating/deleting/delete_failed state. role_ids and permission_ids are mutually exclusive. operationId: updateProjectKey parameters: - name: project_key_id in: path required: true schema: type: string title: Project Key Id requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProjectKeyUpdateRequest' responses: '200': description: Successful Response content: application/json: schema: $ref: '#/components/schemas/ProjectKeyUpdateResponse' '422': description: Validation Error content: application/json: schema: $ref: '#/components/schemas/HTTPValidationError' security: - FronteggHTTPAuthentication: [] components: schemas: ProjectKeyUpdateRequest: properties: name: anyOf: - type: string maxLength: 100 minLength: 1 - type: 'null' title: Name description: Updated name description: anyOf: - type: string - type: 'null' title: Description description: Updated description (HTML sanitized) role_ids: anyOf: - items: type: string type: array minItems: 1 - type: 'null' title: Role Ids description: >- Change the Frontegg roles for this PK, or assign roles when adding API access to a Kafka-only PK. Note: changing roles on an existing API credential only takes effect when the current JWT expires. See token_ttl_seconds in the detail response for the validity window. permission_ids: anyOf: - items: type: string type: array minItems: 1 - type: 'null' title: Permission Ids description: >- Assign fine-grained permissions when ADDING API access to a Kafka-only PK. Changing permissions on an existing API credential is NOT supported — to change permissions on an existing PK, either switch to role_ids or delete and recreate the PK. This field is only accepted when the PK has no api_client_id yet. kafka_acls: anyOf: - items: $ref: '#/components/schemas/KafkaAclModel' type: array - type: 'null' title: Kafka Acls whitelist_ips: anyOf: - type: string - type: 'null' title: Whitelist Ips kafka_config: anyOf: - $ref: '#/components/schemas/ProjectKeyKafkaConfig' - type: 'null' description: >- Add Kafka access to a PK that currently has none. Only valid when the PK has no Kafka user yet. kafka_password: anyOf: - type: string maxLength: 128 minLength: 12 - type: 'null' title: Kafka Password description: >- Rotate the Kafka SASL password for an existing Kafka user. PK must have kafka_username. tool_profile: anyOf: - $ref: '#/components/schemas/ToolProfile' - type: 'null' allowed_tools: anyOf: - items: type: string type: array - type: 'null' title: Allowed Tools blocked_tools: anyOf: - items: type: string type: array - type: 'null' title: Blocked Tools additionalProperties: true type: object title: ProjectKeyUpdateRequest description: Request body for updating a Project Key. ProjectKeyUpdateResponse: properties: id: type: string title: Id name: type: string title: Name description: anyOf: - type: string - type: 'null' title: Description created_at: anyOf: - type: string format: date-time - type: 'null' title: Created At created_by_user: anyOf: - $ref: '#/components/schemas/User' - type: 'null' api_client_id: anyOf: - type: string - type: 'null' title: Api Client Id api_client_id_masked_secret: anyOf: - type: string - type: 'null' title: Api Client Id Masked Secret kafka_username: anyOf: - type: string - type: 'null' title: Kafka Username service_id: type: string title: Service Id roles: items: $ref: '#/components/schemas/Role' type: array title: Roles status: type: string title: Status last_used_at: anyOf: - type: string format: date-time - type: 'null' title: Last Used At tool_profile: anyOf: - $ref: '#/components/schemas/ToolProfile' - type: 'null' allowed_tools: anyOf: - items: type: string type: array - type: 'null' title: Allowed Tools blocked_tools: anyOf: - items: type: string type: array - type: 'null' title: Blocked Tools new_api_credentials: anyOf: - $ref: '#/components/schemas/ProjectKeyApiCredentials' - type: 'null' description: >- Present only when API credentials were ADDED to a Kafka-only PK. Contains the plaintext client_secret — shown only once. new_kafka_credentials: anyOf: - $ref: '#/components/schemas/ProjectKeyKafkaCredentials' - type: 'null' description: >- Present only when Kafka access was ADDED to an API-only PK. Contains the plaintext Kafka password — shown only once. token_ttl_seconds: type: integer title: Token Ttl Seconds description: >- Current Frontegg JWT TTL in seconds (dynamic). Used by the frontend to compute how long role changes take to propagate. warnings: items: type: string type: array title: Warnings description: >- Non-blocking informational messages the frontend should surface to the user after the update (e.g. 'role changes take effect within X hours'). Empty list when there is nothing to warn about. additionalProperties: true type: object required: - id - name - service_id - status title: ProjectKeyUpdateResponse description: >- Response for PATCH /project-keys/{id}. Extends the summary with plaintext secrets when an additive capability transition occurred. For regular updates (no capability change), both `new_api_credentials` and `new_kafka_credentials` are None. HTTPValidationError: properties: detail: items: $ref: '#/components/schemas/ValidationError' type: array title: Detail type: object title: HTTPValidationError KafkaAclModel: properties: topic_name: type: string title: Topic Name operation: type: string title: Operation resource_pattern_type: type: string title: Resource Pattern Type resource: type: string title: Resource default: TOPIC additionalProperties: true type: object required: - topic_name - operation - resource_pattern_type title: KafkaAclModel description: Basic kafka user details. ProjectKeyKafkaConfig: properties: username: type: string maxLength: 24 minLength: 3 pattern: ^[a-zA-Z0-9-]+$ title: Username description: Kafka username (alphanumeric + hyphens, 3-24 chars) password: type: string maxLength: 128 minLength: 12 title: Password description: Kafka SASL password (12-128 chars) whitelist_ips: anyOf: - type: string maxLength: 1000 - type: 'null' title: Whitelist Ips description: Comma-separated IP addresses or CIDR ranges kafka_acls: items: $ref: '#/components/schemas/KafkaAclModel' type: array title: Kafka Acls description: Kafka ACL rules for topic/group access control is_create_schema_registry: type: boolean title: Is Create Schema Registry description: Whether to create a Schema Registry proxy default: false additionalProperties: true type: object required: - username - password title: ProjectKeyKafkaConfig description: Kafka user configuration for a Project Key. ToolProfile: type: string enum: - full - read-only - agent-operator - infra-admin title: ToolProfile User: properties: id: type: string title: Id email: type: string title: Email name: type: string title: Name profile_picture_url: anyOf: - type: string - type: 'null' title: Profile Picture Url phone_number: anyOf: - type: string - type: 'null' title: Phone Number tenant_id: type: string title: Tenant Id created_at: anyOf: - type: string - type: string format: date-time - type: 'null' title: Created At last_login: anyOf: - type: string - type: string format: date-time - type: 'null' title: Last Login type: object required: - id - email - name - tenant_id title: User Role: properties: id: type: string title: Id key: type: string title: Key name: type: string title: Name description: anyOf: - type: string - type: 'null' title: Description created_at: anyOf: - type: string - type: string format: date-time - type: 'null' title: Created At updated_at: anyOf: - type: string - type: string format: date-time - type: 'null' title: Updated At permissions: items: type: string type: array title: Permissions type: object required: - id - key - name - description title: Role ProjectKeyApiCredentials: properties: client_id: type: string title: Client Id client_secret: type: string title: Client Secret token_endpoint: type: string title: Token Endpoint api_url: type: string title: Api Url roles: items: type: string type: array title: Roles additionalProperties: true type: object required: - client_id - client_secret - token_endpoint - api_url title: ProjectKeyApiCredentials description: API credential section of the credential file. ProjectKeyKafkaCredentials: properties: username: type: string title: Username password: type: string title: Password bootstrap_servers: type: string title: Bootstrap Servers security_protocol: type: string title: Security Protocol default: SASL_SSL sasl_mechanism: type: string title: Sasl Mechanism default: PLAIN schema_registry_url: anyOf: - type: string - type: 'null' title: Schema Registry Url additionalProperties: true type: object required: - username - password - bootstrap_servers title: ProjectKeyKafkaCredentials description: Kafka credential section of the credential file. ValidationError: properties: loc: items: anyOf: - type: string - type: integer type: array title: Location msg: type: string title: Message type: type: string title: Error Type input: title: Input ctx: type: object title: Context type: object required: - loc - msg - type title: ValidationError securitySchemes: FronteggHTTPAuthentication: type: http scheme: bearer ````