Skip to main content
PUT
https://nmixhdvexhgizmxlnhqi.supabase.co
/
functions
/
v1
/
edit-api-key
Edit API Key
curl --request PUT \
  --url https://nmixhdvexhgizmxlnhqi.supabase.co/functions/v1/edit-api-key \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "key_id": "<string>",
  "name": "<string>",
  "description": "<string>",
  "scopes": [
    {}
  ],
  "domains": [
    {}
  ],
  "ip_whitelist": [
    {}
  ],
  "rate_limit": 123,
  "expires_at": "<string>"
}
'
{
  "success": true,
  "key": {
    "id": "01HN2X4Y8Z9ABCDEF123456789",
    "name": "Updated API Key Name",
    "description": "Updated description for this key",
    "key_type": "pk",
    "environment": "test",
    "key_prefix": "pk_test_",
    "scopes": ["enc.tiles:read", "features.search:read"],
    "domains": ["https://myapp.com", "https://*.myapp.com"],
    "ip_whitelist": [],
    "rate_limit": 1000,
    "is_active": true,
    "expires_at": null,
    "created_at": "2024-01-15T10:30:00Z",
    "updated_at": "2024-01-15T14:45:00Z",
    "created_by": "01HN2X3Y7W8VBCDEFG123456",
    "team_id": "01HN2X2Y6V7UBCDEFG123456"
  }
}

Overview

Update the configuration of an existing API key without changing the key value itself. This endpoint allows you to modify permissions, domain restrictions, IP allowlists, and other metadata.
The actual key value cannot be modified. To get a new key value, use the Regenerate API Key endpoint.

Authentication

This endpoint requires authentication using a secret API key with appropriate team permissions. 
curl -X PUT "https://nmixhdvexhgizmxlnhqi.supabase.co/functions/v1/edit-api-key" \
  -H "Authorization: Bearer sk_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "key_id": "01HN2X4Y8Z9ABCDEF123456789",
    "name": "Updated API Key Name",
    "description": "Updated description for this key",
    "scopes": ["enc.tiles:read", "features.search:read"],
    "domains": ["https://myapp.com", "https://*.myapp.com"],
    "ip_whitelist": ["192.168.1.0/24", "10.0.0.1"]
  }'

Request Body

key_id
string
required
The unique identifier of the API key to update
name
string
A descriptive name for the API key (max 100 characters)
description
string
Optional description explaining the key’s purpose (max 500 characters)
scopes
array
Array of permission scopes to grant this key. Available scopes:
  • enc.tiles:read - Access to chart tile data
  • enc.mbtile:download - Download MBTile packages
  • interact.identify:read - Chart interaction features
  • offline.packages:download - Offline chart packages
  • features.search:read - Chart feature search
  • query.spatial:read - Spatial queries
domains
array
For public keys only. Array of allowed domains/origins:
  • Exact domains: https://myapp.com
  • Wildcard subdomains: https://*.myapp.com
  • Development: http://localhost:3000
ip_whitelist
array
For secret keys only. Array of allowed IP addresses/ranges:
  • Single IPs: 192.168.1.100
  • CIDR ranges: 192.168.1.0/24
  • IPv6 supported: 2001:db8::/32
rate_limit
integer
Custom rate limit (requests per minute). Must be within plan limits.
expires_at
string
Optional expiration date in ISO 8601 format: 2024-12-31T23:59:59Z

Response

success
boolean
Indicates if the key was successfully updated
key
object
The updated API key object

Example Response

{
  "success": true,
  "key": {
    "id": "01HN2X4Y8Z9ABCDEF123456789",
    "name": "Updated API Key Name",
    "description": "Updated description for this key",
    "key_type": "pk",
    "environment": "test",
    "key_prefix": "pk_test_",
    "scopes": ["enc.tiles:read", "features.search:read"],
    "domains": ["https://myapp.com", "https://*.myapp.com"],
    "ip_whitelist": [],
    "rate_limit": 1000,
    "is_active": true,
    "expires_at": null,
    "created_at": "2024-01-15T10:30:00Z",
    "updated_at": "2024-01-15T14:45:00Z",
    "created_by": "01HN2X3Y7W8VBCDEFG123456",
    "team_id": "01HN2X2Y6V7UBCDEFG123456"
  }
}

Error Codes

400
Bad Request
Invalid request parameters or malformed JSON
401
Unauthorized
Invalid or missing API key
403
Forbidden
Insufficient permissions to edit this API key
404
Not Found
API key not found or not accessible
422
Unprocessable Entity
Validation errors (invalid scopes, malformed domains/IPs)
429
Rate Limited
Too many requests, retry after the specified time

Notes

Permissions Required

  • Team Owner/Admin: Can edit any team API key
  • Key Creator: Can edit keys they created (if still a team member)

Validation Rules

  • Scopes: Must be valid and within your plan limits
  • Domains: Must include protocol (https:// or http://)
  • IP Addresses: Must be valid IPv4/IPv6 addresses or CIDR ranges
  • Rate Limits: Cannot exceed your plan’s maximum rate limit

Audit Trail

All key modifications are logged in the audit trail with:
  • Who made the change
  • What was changed (old vs new values)
  • When the change occurred
  • IP address of the requester

Best Practices

  • Use descriptive names and descriptions for easier management
  • Apply principle of least privilege when setting scopes
  • Regularly review and update domain/IP restrictions
  • Set expiration dates for temporary keys
  • Monitor key usage after making changes