Update Credential

Beta

PATCH

https://api.speechify.ai/v1/credentials/:id

PATCH

/v1/credentials/:id

$ curl -X PATCH https://api.speechify.ai/v1/credentials/id \
>      -H "Authorization: Bearer <token>" \
>      -H "Content-Type: application/json" \
>      -d '{}'

1 {
2   "id": "cred_01arz3ndektsv4rrffq69g5fav",
3   "name": "Acme Inc OAuth2 Client Credentials",
4   "kind": "oauth2_client_credentials",
5   "config": {
6     "oauth2_client_credentials": {
7       "token_url": "https://auth.acme-inc.com/oauth2/token",
8       "client_id": "acme-client-12345",
9       "client_secret_set": true,
10       "scopes": [
11         "read:documents",
12         "write:documents"
13       ],
14       "audience": "https://api.acme-inc.com"
15     },
16     "oauth2_jwt": {
17       "token_url": "https://auth.acme-inc.com/oauth2/jwt/token",
18       "issuer": "service-account@acme-inc.iam.gserviceaccount.com",
19       "audience": "https://api.acme-inc.com",
20       "private_key_set": true,
21       "subject": "service-account@acme-inc.iam.gserviceaccount.com",
22       "scopes": [
23         "https://www.googleapis.com/auth/cloud-platform"
24       ],
25       "key_id": "key-1234567890abcdef"
26     },
27     "basic": {
28       "username": "acme_user",
29       "password_set": true
30     },
31     "bearer": {
32       "token_set": true
33     },
34     "custom_headers": {
35       "header_names": [
36         "X-Acme-Api-Key",
37         "X-Acme-Request-Id"
38       ]
39     }
40   },
41   "created_at": "2024-01-15T09:30:00Z",
42   "updated_at": "2024-01-15T09:30:00Z"
43 }

Rotate a credential’s secret and/or rename it, in place, keeping the same id so every referencing config picks up the change with no re-wiring. Because the vault is write-only, rotation is the only way to change a stored secret. The kind is immutable: a rotated config must populate the same block as the credential’s existing kind.

Authentication

AuthorizationBearer

Enter your API key with the Bearer prefix, e.g. ‘Bearer sk_…’.

Path parameters

idstringRequired

Credential id (prefixed external id, cred_...).

Request

This endpoint expects an object.

namestringOptional

New human-readable label, unique per workspace.

configobjectOptional

Kind-specific credential payload, used on WRITES only (create and rotate). Exactly one block is populated — the one named by the credential’s kind. The secret fields are write-only: they are accepted here but are NEVER returned on reads — a read returns the masked CredentialConfigView instead.

Response

The updated credential.

idstring

Workspace-scoped credential identifier (prefixed external id).

namestring

Human-readable label, unique per workspace among active credentials.

kindenum

Discriminates the auth flow a credential carries. The matching config.<kind> block is the one that must be populated.

configobject

The masked, read-safe projection of a credential’s config. Returned on every read (list / get / create / rotate response). Non-secret fields (token URLs, client ids, issuer, header names) pass through; each secret is replaced by a *_set boolean. Secret values are never returned — to change one, rotate it via PATCH /v1/credentials/{id}. Exactly one block is populated, matching the credential’s kind.

created_atdatetime

updated_atdatetime

Errors

400

Bad Request Error

401

Unauthorized Error

404

Not Found Error

409

Conflict Error

Authentication

Path parameters

Headers

Request

Response

Errors