Update an API credential

patch/companies/{companyId}/apiCredentials/{apiCredentialId}

Changes the API credential's roles, merchant account access, or allowed origins. The request has the new values for the fields you want to change. The response contains the full updated API credential, including the new values from the request.

To make this request, your API credential must have the following roles:

Management API—API credentials read and write

Endpoint destination URL

https://management-test.adyen.com/v1/companies/{companyId}/apiCredentials/{apiCredentialId}

Path Parameters

Required

Optional

Unique identifier of the API credential.

The unique identifier of the company account.

Request Parameters

Required

Optional

Indicates if the API credential is enabled.

The new list of allowed origins for the API credential.

List of merchant accounts that the API credential has access to.

Description of the API credential.

List of roles for the API credential. Only roles assigned to 'ws@Company.<CompanyName>' can be assigned to other API credentials.

Response parameters

After submitting a call, you receive a response message to inform you that your request was received and processed.

Depending on the HTTP status code of the response message, it is helpful to build some logic to handle any errors that a request or the system may return.

HTTP Responses

200 - OK
The request has succeeded.
Show more Show less
_linksobject
References to resources linked to the API credential.
Show children Hide children
allowedOriginsobject
List of allowed origins.
Show children Hide children
hrefstring
companyobject
Company account that the API credential is linked to. Only present for company-level webhooks.
Show children Hide children
hrefstring
generateApiKeyobject
Generates a new API key. When you generate a new one, the existing key remains valid for 24 hours.
Show children Hide children
hrefstring
generateClientKeyobject
Generates a new client key, used to authenticate client-side requests. When you generate a new one, the existing key remains valid for 24 hours.
Show children Hide children
hrefstring
merchantobject
The merchant account that the API credential is linked to. Only present for merchant-level API credentials.
Show children Hide children
hrefstring
selfobject
Link to the resource itself.
Show children Hide children
hrefstring
activeboolean
Indicates if the API credential is enabled. Must be set to true to use the credential in your integration.
allowedIpAddressesarray[string]
List of IP addresses from which your client can make requests.

If the list is empty, we allow requests from any IP. If the list is not empty and we get a request from an IP which is not on the list, you get a security error.
allowedOriginsarray[object]
List containing the allowed origins linked to the API credential.
Show children Hide children
_linksobject
References to resources linked to the allowed origin.
Show children Hide children
selfobject
Link to the resource itself.
Show children Hide children
hrefstring
domainstring
Domain of the allowed origin.
idstring
Unique identifier of the allowed origin.
associatedMerchantAccountsarray[string]
List of merchant accounts that the API credential has explicit access to. If the credential has access to a company, this implies access to all merchant accounts and no merchants for that company will be included.
clientKeystring
Public key used for client-side authentication. The client key is required for Drop-in and Components integrations.
descriptionstring
Max length: 50
Description of the API credential.
idstring
Unique identifier of the API credential.
rolesarray[string]
List of roles for the API credential.
usernamestring
The name of the API credential, for example ws@Company.TestCompany.
400 - Bad Request
A problem reading or understanding the request.
Show more Show less
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
Show children Hide children
InvalidFieldobject
Show children Hide children
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
401 - Unauthorized
Authentication required.
Show more Show less
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
Show children Hide children
InvalidFieldobject
Show children Hide children
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
403 - Forbidden
Insufficient permissions to process the request.
Show more Show less
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
Show children Hide children
InvalidFieldobject
Show children Hide children
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
422 - Unprocessable Entity
A request validation error.
Show more Show less
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
Show children Hide children
InvalidFieldobject
Show children Hide children
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
500 - Internal Server Error
The server could not process the request.
Show more Show less
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
Show children Hide children
InvalidFieldobject
Show children Hide children
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.

Update an API credential

Path Parameters

Request Parameters

Response parameters

HTTP Responses

200 - OK

400 - Bad Request

401 - Unauthorized

403 - Forbidden

422 - Unprocessable Entity

500 - Internal Server Error