Patch
/sys/v1/apps/{app_id}
Update app settings like groups, client config, etc.
Security
HTTP
Type bearer
API Key
Header parameter nameAuthorization
Path parameters
app_id
string (uuid) Required
Query parameters
GetAppParams
object
group_permissions
boolean
role
string
Body parameters
object
account_membership
object
roles
Array of object (AppAccountRoleDescriptor) Required
OneOf
object
object
$type
string Required
Valid values[
"SystemDefined"
]
value
string Required
Valid values[
"AccountAdministrator",
"AccountMember",
"AccountAuditor"
]
object
object
$type
string Required
Valid values[
"Custom"
]
value
string (uuid) Required
add_groups
OneOf
object
object
property*
Array of string (AppPermissions) additionalProperties
string
Valid values[
"SIGN",
"VERIFY",
"ENCRYPT",
"DECRYPT",
"WRAPKEY",
"UNWRAPKEY",
"DERIVEKEY",
"MACGENERATE",
"MACVERIFY",
"EXPORT",
"MANAGE",
"AGREEKEY",
"MASKDECRYPT",
"AUDIT",
"TRANSFORM",
"CREATE_SOBJECTS",
"COPY_SOBJECTS",
"ROTATE_SOBJECTS",
"ACTIVATE_SOBJECTS",
"REVOKE_SOBJECTS",
"REVERT_SOBJECTS",
"MOVE_SOBJECTS",
"UPDATE_SOBJECTS_PROFILE",
"UPDATE_SOBJECTS_ENABLED_STATE",
"UPDATE_SOBJECT_POLICIES",
"UPDATE_KEY_OPS",
"DELETE_KEY_MATERIAL",
"DELETE_SOBJECTS",
"DESTROY_SOBJECTS",
"RESTORE_EXTERNAL_SOBJECTS",
"CALCULATE_DIGEST",
"ENCAPSULATE",
"DECAPSULATE"
]
array
array
string (uuid)
app_type
string | null
client_configurations
object
common
OneOf
string
string
Valid values[
"remove"
]
object
object
retry_timeout_millis
integer | null
cache_ttl
integer | null
log
object
system
boolean | null
file
OneOf
object
object
mode
string Required
Valid values[
"enabled"
]
path
string | null
file_size_kb
integer | null
max_files
integer | null
Minimum0
Maximum4294967295
object
object
mode
string Required
Valid values[
"disabled"
]
level
string | null
h2_num_connections
integer | null
quorum_approval
object
wait_for_quorum_approval
object
enabled
boolean Required
poll_interval_secs
integer | null
max_wait_for_secs
integer | null
pkcs11
OneOf
string
string
Valid values[
"remove"
]
object
object
fake_rsa_x9_31_keygen_support
boolean | null
signing_aes_key_as_hmac
boolean | null
exact_key_ops
boolean | null
prevent_duplicate_opaque_objects
boolean | null
opaque_objects_are_not_certificates
boolean | null
max_concurrent_requests_per_slot
integer | null
kmip
OneOf
string
string
Valid values[
"remove"
]
object
object
ignore_unknown_key_ops_for_secrets
boolean | null
ignore_unknown_key_ops_for
OneOf
object
object
$type
string Required
Valid values[
"All"
]
object
object
$type
string Required
Valid values[
"Selection"
]
selection
Array of string (ObjectType) Required
string
Valid values[
"AES",
"ARIA",
"DES",
"DES3",
"SEED",
"RSA",
"DSA",
"EC",
"KCDSA",
"ECKCDSA",
"BIP32",
"BLS",
"OPAQUE",
"HMAC",
"LEDABETA",
"ROUND5BETA",
"SECRET",
"LMS",
"XMSS",
"MLDSA",
"MLDSABETA",
"MLKEM",
"MLKEMBETA",
"CERTIFICATE",
"PBE"
]
key_ops_override
object
add_key_ops
Array of string | null
string
Valid values[
"SIGN",
"VERIFY",
"ENCRYPT",
"DECRYPT",
"WRAPKEY",
"UNWRAPKEY",
"DERIVEKEY",
"TRANSFORM",
"MACGENERATE",
"MACVERIFY",
"EXPORT",
"APPMANAGEABLE",
"HIGHVOLUME",
"AGREEKEY",
"ENCAPSULATE",
"DECAPSULATE"
]
tep
OneOf
string
string
Valid values[
"remove"
]
object
object
schema
OneOf
object
object
$type
string Required
Valid values[
"OpenAPI"
]
openapi
string
key_map
Array of object Required
object
path
object Required
api_path
string Required
method
string Required
context
string Required
Valid values[
"request",
"response"
]
key_path
string Required
kid
string (uuid) Required
mode
string Required
Valid values[
"ECB",
"CBC",
"CBCNOPAD",
"CFB",
"OFB",
"CTR",
"GCM",
"CCM",
"KW",
"KWP",
"FF1"
]
credential
OneOf
AppCredentialVariantSecret
object (AppCredentialVariantSecret)
secret
string Required
AppCredentialVariantCertificate
object (AppCredentialVariantCertificate)
certificate
string (byte) Required
AppCredentialVariantTrustedCa
object (AppCredentialVariantTrustedCa)
trustedca
ca_certificate
string (byte) Required
check_revocation
boolean | null
OneOf
TrustAnchorSubjectVariantSubject
object (TrustAnchorSubjectVariantSubject)
subject
Array of array Required
Array of string
Min items2
Max items2
string
TrustAnchorSubjectVariantSubjectGeneral
object (TrustAnchorSubjectVariantSubjectGeneral)
subject_general
OneOf
SubjectGeneralVariantDirectoryName
object (SubjectGeneralVariantDirectoryName)
directory_name
Array of array Required
Array of string
Min items2
Max items2
string
SubjectGeneralVariantDnsName
object (SubjectGeneralVariantDnsName)
dns_name
string Required
SubjectGeneralVariantIpAddress
object (SubjectGeneralVariantIpAddress)
ip_address
OneOf
string (ipv4)
string
string (ipv6)
string
AppCredentialVariantGoogleServiceAccount
object (AppCredentialVariantGoogleServiceAccount)
googleserviceaccount
object Required
access_reason_policy
object
allow
Array of string (GoogleAccessReason) Required
string
Valid values[
"REASON_UNSPECIFIED",
"CUSTOMER_INITIATED_SUPPORT",
"GOOGLE_INITIATED_SERVICE",
"THIRD_PARTY_DATA_REQUEST",
"GOOGLE_INITIATED_REVIEW",
"CUSTOMER_INITIATED_ACCESS",
"GOOGLE_INITIATED_SYSTEM_OPERATION",
"REASON_NOT_EXPECTED",
"MODIFIED_CUSTOMER_INITIATED_ACCESS",
"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION",
"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT",
"CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"
]
allow_missing_reason
boolean Required
groups
object | null
property*
Array of string (GcpAppPermissions) additionalProperties
string
Valid values[
"CRYPTO_SPACE_GET_INFO",
"CRYPTO_SPACE_GET_PUBLIC_KEY"
]
AppCredentialVariantSignedJwt
object (AppCredentialVariantSignedJwt)
signedjwt
object Required
valid_issuers
Array of string Required
string
signing_keys
OneOf
object
object
kind
string Required
Valid values[
"stored"
]
keys
object Required
property*
string (byte) additionalProperties
object
object
kind
string Required
Valid values[
"fetched"
]
url
string Required
cache_duration
integer Required
AppCredentialVariantLdap
object (AppCredentialVariantLdap)
ldap
string (uuid) Required
AppCredentialVariantAwsIam
object (AppCredentialVariantAwsIam)
awsiam
object Required
AppCredentialVariantAwsXks
object (AppCredentialVariantAwsXks)
awsxks
object Required
access_key_id
string | null
secret_key
string
AppCredentialVariantGoogleWorkspaceCse
object (AppCredentialVariantGoogleWorkspaceCse)
googleworkspacecse
object Required
credential_migration_period
integer | null
Minimum0
Maximum4294967295
default_group
string (uuid) | null
del_groups
Array of string | null
string (uuid)
description
string | null
enabled
boolean | null
interface
string | null
ip_address_policy
OneOf
string
string
Valid values[
"allow_all"
]
IpAddressPolicyVariantWhitelist
object (IpAddressPolicyVariantWhitelist)
whitelist
Array of string Required
string
mod_groups
OneOf
object
object
property*
Array of string (AppPermissions) additionalProperties
string
Valid values[
"SIGN",
"VERIFY",
"ENCRYPT",
"DECRYPT",
"WRAPKEY",
"UNWRAPKEY",
"DERIVEKEY",
"MACGENERATE",
"MACVERIFY",
"EXPORT",
"MANAGE",
"AGREEKEY",
"MASKDECRYPT",
"AUDIT",
"TRANSFORM",
"CREATE_SOBJECTS",
"COPY_SOBJECTS",
"ROTATE_SOBJECTS",
"ACTIVATE_SOBJECTS",
"REVOKE_SOBJECTS",
"REVERT_SOBJECTS",
"MOVE_SOBJECTS",
"UPDATE_SOBJECTS_PROFILE",
"UPDATE_SOBJECTS_ENABLED_STATE",
"UPDATE_SOBJECT_POLICIES",
"UPDATE_KEY_OPS",
"DELETE_KEY_MATERIAL",
"DELETE_SOBJECTS",
"DESTROY_SOBJECTS",
"RESTORE_EXTERNAL_SOBJECTS",
"CALCULATE_DIGEST",
"ENCAPSULATE",
"DECAPSULATE"
]
array
array
string (uuid)
name
string | null
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
oauth_config
OneOf
object
object
state
string Required
Valid values[
"enabled"
]
redirect_uris
Array of string Required
string
object
object
state
string Required
Valid values[
"disabled"
]
role
string
Valid values[
"admin",
"crypto"
]
secret_size
integer | null
Minimum0
Maximum4294967295
Responses
2XX
Success result
object
account_membership
object
roles
Array of object (AppAccountRoleDescriptor)
OneOf
object
object
$type
string
Valid values[
"SystemDefined"
]
value
string
Valid values[
"AccountAdministrator",
"AccountMember",
"AccountAuditor"
]
object
object
$type
string
Valid values[
"Custom"
]
value
string (uuid)
acct_id
string (uuid)
app_id
string (uuid)
app_type
string
auth_type
string
Valid values[
"Secret",
"Certificate",
"TrustedCa",
"GoogleServiceAccount",
"SignedJwt",
"Ldap",
"AwsIam",
"AwsXks",
"GoogleWorkspaceCSE"
]
cert_not_after
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
client_configurations
object
common
object
retry_timeout_millis
integer | null
cache_ttl
integer | null
log
object
system
boolean | null
file
OneOf
object
object
mode
string
Valid values[
"enabled"
]
path
string | null
file_size_kb
integer | null
max_files
integer | null
Minimum0
Maximum4294967295
object
object
mode
string
Valid values[
"disabled"
]
level
string | null
h2_num_connections
integer | null
quorum_approval
object
wait_for_quorum_approval
object
enabled
boolean
poll_interval_secs
integer | null
max_wait_for_secs
integer | null
pkcs11
object
fake_rsa_x9_31_keygen_support
boolean | null
signing_aes_key_as_hmac
boolean | null
exact_key_ops
boolean | null
prevent_duplicate_opaque_objects
boolean | null
opaque_objects_are_not_certificates
boolean | null
max_concurrent_requests_per_slot
integer | null
kmip
object
ignore_unknown_key_ops_for_secrets
boolean | null
ignore_unknown_key_ops_for
OneOf
object
object
$type
string
Valid values[
"All"
]
object
object
$type
string
Valid values[
"Selection"
]
selection
Array of string (ObjectType)
string
Valid values[
"AES",
"ARIA",
"DES",
"DES3",
"SEED",
"RSA",
"DSA",
"EC",
"KCDSA",
"ECKCDSA",
"BIP32",
"BLS",
"OPAQUE",
"HMAC",
"LEDABETA",
"ROUND5BETA",
"SECRET",
"LMS",
"XMSS",
"MLDSA",
"MLDSABETA",
"MLKEM",
"MLKEMBETA",
"CERTIFICATE",
"PBE"
]
key_ops_override
object
add_key_ops
Array of string | null
string
Valid values[
"SIGN",
"VERIFY",
"ENCRYPT",
"DECRYPT",
"WRAPKEY",
"UNWRAPKEY",
"DERIVEKEY",
"TRANSFORM",
"MACGENERATE",
"MACVERIFY",
"EXPORT",
"APPMANAGEABLE",
"HIGHVOLUME",
"AGREEKEY",
"ENCAPSULATE",
"DECAPSULATE"
]
tep
object
schema
OneOf
object
object
$type
string
Valid values[
"OpenAPI"
]
openapi
string
key_map
Array of object
object
path
object
api_path
string
method
string
context
string
Valid values[
"request",
"response"
]
key_path
string
kid
string (uuid)
mode
string
Valid values[
"ECB",
"CBC",
"CBCNOPAD",
"CFB",
"OFB",
"CTR",
"GCM",
"CCM",
"KW",
"KWP",
"FF1"
]
created_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
creator
OneOf
PrincipalVariantApp
object (PrincipalVariantApp)
app
string (uuid)
PrincipalVariantUser
object (PrincipalVariantUser)
user
string (uuid)
PrincipalVariantPlugin
object (PrincipalVariantPlugin)
plugin
string (uuid)
PrincipalVariantUserViaApp
object (PrincipalVariantUserViaApp)
userviaapp
object
user_id
string (uuid)
scopes
Array of string (OauthScope)
string
Valid values[
"app",
"openid",
"email",
"profile"
]
string
string
Valid values[
"system"
]
string
string
Valid values[
"unregistereduser"
]
default_group
string (uuid) | null
description
string | null
enabled
boolean
groups
OneOf
object
object
property*
Array of string (AppPermissions) additionalProperties
string
Valid values[
"SIGN",
"VERIFY",
"ENCRYPT",
"DECRYPT",
"WRAPKEY",
"UNWRAPKEY",
"DERIVEKEY",
"MACGENERATE",
"MACVERIFY",
"EXPORT",
"MANAGE",
"AGREEKEY",
"MASKDECRYPT",
"AUDIT",
"TRANSFORM",
"CREATE_SOBJECTS",
"COPY_SOBJECTS",
"ROTATE_SOBJECTS",
"ACTIVATE_SOBJECTS",
"REVOKE_SOBJECTS",
"REVERT_SOBJECTS",
"MOVE_SOBJECTS",
"UPDATE_SOBJECTS_PROFILE",
"UPDATE_SOBJECTS_ENABLED_STATE",
"UPDATE_SOBJECT_POLICIES",
"UPDATE_KEY_OPS",
"DELETE_KEY_MATERIAL",
"DELETE_SOBJECTS",
"DESTROY_SOBJECTS",
"RESTORE_EXTERNAL_SOBJECTS",
"CALCULATE_DIGEST",
"ENCAPSULATE",
"DECAPSULATE"
]
array
array
string (uuid)
interface
string | null
ip_address_policy
OneOf
string
string
Valid values[
"allow_all"
]
IpAddressPolicyVariantWhitelist
object (IpAddressPolicyVariantWhitelist)
whitelist
Array of string
string
last_operations
object
generic
integer | null
tokenization
integer | null
tep
integer | null
accelerator
integer | null
secrets_management
integer | null
lastused_at
string
Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$
legacy_access
boolean
name
string
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
oauth_config
OneOf
object
object
state
string
Valid values[
"enabled"
]
redirect_uris
Array of string
string
object
object
state
string
Valid values[
"disabled"
]
role
string
Valid values[
"admin",
"crypto"
]