Skip to main content
PATCH
/
v1
/
organizations
/
users
/
{user_email}
/
api-keys
/
{key_name}
Update Api Key
curl --request PATCH \
  --url https://api.mixpeek.com/v1/organizations/users/{user_email}/api-keys/{key_name} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "<string>",
  "description": "<string>",
  "permissions": [
    "read"
  ],
  "scopes": [
    {
      "description": "Full namespace access (data + infrastructure)",
      "resource_id": "ns_production",
      "resource_type": "namespace"
    }
  ],
  "rate_limit_override": 2,
  "expires_at": "2023-11-07T05:31:56Z",
  "status": "active"
}'
{
  "created_at": "2025-01-01T00:00:00Z",
  "created_by": "usr_admin",
  "description": "Service account for ingestion",
  "internal_id": "int_x1y2z3",
  "key_hash": "2c26b46b68ffc68ff99b453c1d304134",
  "key_id": "key_a1b2c3d4e5f6g7h",
  "key_prefix": "sk_abc123...",
  "name": "backend-service",
  "organization_id": "org_demo123",
  "permissions": [
    "read",
    "write"
  ],
  "scopes": [],
  "status": "active",
  "user_id": "usr_a1b2c3d4e5f6g7h"
}

Authorizations

​
Authorization
string
header
required

Bearer token authentication using your API key. Format: 'Bearer your_api_key'. To get an API key, create an account at mixpeek.com/start and generate a key in your account settings.

Headers

​
Authorization
string
required

REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.

Examples:

"Bearer sk_live_abc123def456"

"Bearer sk_test_xyz789"

Path Parameters

​
user_email
string
required
​
key_name
string
required

Body

application/json

Partial update payload for an API key.

​
name
string | null

New key label.

Required string length: 1 - 100
​
description
string | null

Updated description for the key.

Maximum length: 500
​
permissions
enum<string>[] | null

Replace existing permissions with the provided list.

​
scopes
ResourceScope Β· object[] | null

Replace existing scopes. Use empty list for global access.

​
rate_limit_override
integer | null

Updated per-key rate limit override.

Required range: x >= 1
​
expires_at
string<date-time> | null

New expiration timestamp. Use null to remove expiration.

​
status
enum<string> | null

Manually set key status (e.g. revoke). Lifecycle state of an API key.

Status determines whether an API key can be used for authentication:

  • ACTIVE: Key is valid and can be used for API requests. Last_used_at timestamp is updated on each successful authentication.
  • REVOKED: Key has been manually revoked by an admin or user. Cannot be reactivated. A new key must be created instead.
  • EXPIRED: Key has passed its expires_at timestamp. Automatically set by the authentication system. Cannot be reactivated.
Available options:
active,
revoked,
expired

Response

Successful Response

API key document stored in MongoDB.

​
key_hash
string
required

SHA-256 hash of the plaintext key.

​
internal_id
string
required

Organization internal identifier.

​
user_id
string
required

Identifier of the user who owns the key.

​
name
string
required

Human-friendly key label.

​
key_id
string

Public identifier for the API key.

​
key_prefix
string | null

Visible prefix of the API key for user identification (e.g., 'sk_abc123...'). Shows the first 10 characters of the plaintext key to help users identify which key is which in lists, without exposing the full secret. This follows industry best practices from GitHub, Stripe, and AWS. Generated automatically for new keys. Older keys may not have this field.

Required string length: 10 - 13
Examples:

"sk_abc123..."

"sk_xyz789..."

​
organization_id
string | null

Organization public identifier (denormalized).

​
description
string
default:""

Optional description explaining the key usage.

​
permissions
enum<string>[]

Permissions granted to the key (least privilege recommended).

​
scopes
ResourceScope Β· object[]

Resource-level scopes restricting the key.

​
rate_limit_override
integer | null

Optional per-key rate limit override in requests per minute.

​
status
enum<string>

Lifecycle status of the key (active, revoked, expired).

Available options:
active,
revoked,
expired
​
expires_at
string<date-time> | null

UTC timestamp when the key automatically expires.

​
last_used_at
string<date-time> | null

UTC timestamp of the last successful request using the key.

​
created_at
string<date-time>

UTC timestamp when the key was created.

​
created_by
string | null

User identifier that created the key.

​
revoked_at
string<date-time> | null

UTC timestamp when the key was revoked (if applicable).

​
revoked_by
string | null

User identifier that revoked the key (if applicable).