How to update an api key?

I tried to update an api key using dashboard, removing/adding an access right api, but an error occurred “Key object validation failed”. I tried to update api key with advanced management api, but an error occurred “User does not have permission to add API to key Access Rights!”.
I used /api/apis/api-id/keys/key-id path with authorization in header.
What the problem is?

Another question, when I update a key or an api definition, I have set all definition params or only parms to update? I tried to update an api definition changing only name, the response is update, but api is removed from dashboard.

Daniele Motta

Hmmm, looks like something is wrong with the object you sent. If you created this key programatically, then you need to make sure to set the metadata. If you search this forum there’s a few fixes around for it, either buy manually modifying the schema or by ensuring your object validates when you first create it.

Did you create the key with a user that is not part of an Organisation? Or the two do not belong to the same org? This will be the source of your issue. Org ID’s need to be aligned and the creating user must belong to the same Org. Do not use a super-user.

You need to update the whole object, not selectively. So GET -> Update -> PUT should be your cycle.

If you don’t you break the object, and it’s links and then break your dashboard.

It works. I have add meta_data in key creation and now api key is updatable from dashboard.

User and key have same organization. Should be that error occurred because admin-auth header needed?


No, the admin-auth header (“Admin API”) calls are for bootstrapping, so you would:

  • Generate a user with admin API (make sure to assign it an org ID)
  • That call returns an access token for the Advanced API
  • Use this token to create API & Key

Or if you already have a user (as in, a dashboard user that belongs to an organisation), just go and create a new user in the dashboard called “API Access User” and grab the API key, then just use that for all of your calls and you should have internal consistency between your objects.

Only use the admin API calls for bootstrapping, never for anything more.