API Reference

Zones

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Update zone

client.Zones.Update(ctx, zoneID, body) (*Zone, error)

PATCH/zones/{zoneId}

Updates a zone's configuration (partial update)

ParametersExpand Collapse

zoneID string

body ZoneUpdateParams

DefaultMcpGatewayApplicationID param.Field[string]optional

Application ID configured as the default MCP Gateway for the zone (set to null to unset)

DefaultResourceID param.Field[string]optional

Resource ID to configure as the default resource for the zone (set to null to unset)

Description param.Field[string]optional

Human-readable description

maxLength2048

EncryptionKey param.Field[ZoneUpdateParamsEncryptionKey]optional

AWS KMS configuration for zone encryption update (set to null to remove customer-managed key and revert to default)

Arn string

AWS KMS Key ARN for encrypting the zone's data

minLength1

Type string

LoginFlow param.Field[ZoneUpdateParamsLoginFlow]optional

Login flow style for the zone. 'default' uses standard authentication, 'identifier_first' uses identifier-based provider routing. Set to null to reset to 'default'.

const ZoneUpdateParamsLoginFlowDefault ZoneUpdateParamsLoginFlow = "default"

const ZoneUpdateParamsLoginFlowIdentifierFirst ZoneUpdateParamsLoginFlow = "identifier_first"

Name param.Field[string]optional

Human-readable name

minLength1

maxLength255

Protocols param.Field[ZoneUpdateParamsProtocols]optional

Protocol configuration update for a zone (partial update)

Oauth2 ZoneUpdateParamsProtocolsOauth2optional

OAuth 2.0 protocol configuration update for a zone (partial update)

DcrEnabled booloptional

Whether Dynamic Client Registration is enabled

PkceRequired booloptional

Whether PKCE is required for authorization code flows

RequiresInvitation param.Field[bool]optional

Whether the zone requires an invitation for email/password registration, only applies when user_identity_provider_id is not set

UserIdentityProviderID param.Field[string]optional

Provider ID to configure for user login (set to null to unset)

ReturnsExpand Collapse

type Zone struct{…}

A zone for organizing resources within an organization

ID string

Unique identifier of the zone

CreatedAt Time

Entity creation timestamp

formatdate-time

Name string

Human-readable name

minLength1

maxLength255

OrganizationID string

Organization that owns this zone

Protocols ZoneProtocols

Protocol configuration for a zone

Oauth2 ZoneProtocolsOauth2

OAuth 2.0 protocol configuration for a zone

AuthorizationEndpoint string

OAuth 2.0 authorization endpoint

formaturi

AuthorizationServerMetadata string

OAuth 2.0 Authorization Server Metadata endpoint (.well-known/oauth-authorization-server)

formaturi

DcrEnabled bool

Whether Dynamic Client Registration is enabled

Issuer string

OAuth 2.0 issuer identifier

formaturi

JwksUri string

JSON Web Key Set endpoint

formaturi

PkceRequired bool

Whether PKCE is required for authorization code flows

RedirectUri string

OAuth 2.0 redirect URI for this zone

formaturi

RegistrationEndpoint string

OAuth 2.0 Dynamic Client Registration endpoint

formaturi

TokenEndpoint string

OAuth 2.0 token endpoint

formaturi

Openid ZoneProtocolsOpenid

OpenID Connect protocol configuration for a zone

ProviderConfiguration string

OpenID Connect Provider Configuration endpoint (.well-known/openid-configuration)

formaturi

UserinfoEndpoint string

OpenID Connect UserInfo endpoint

formaturi

Slug string

URL-safe identifier, unique within the zone

minLength1

maxLength63

UpdatedAt Time

Entity update timestamp

formatdate-time

DefaultMcpGatewayApplicationID stringoptional

Application ID configured as the default MCP Gateway for the zone

DefaultResourceID stringoptional

Resource ID configured as the default resource for the zone

Description stringoptional

Human-readable description

maxLength2048

EncryptionKey EncryptionKeyAwsKmsConfigoptional

AWS KMS configuration for zone encryption. When not specified, the default Keycard Cloud encryption key will be used.

Arn string

AWS KMS Key ARN for encrypting the zone's data

minLength1

Type EncryptionKeyAwsKmsConfigType

LoginFlow ZoneLoginFlowoptional

Login flow style for the zone. 'default' uses standard authentication, 'identifier_first' uses identifier-based provider routing.

Accepts one of the following:

const ZoneLoginFlowDefault ZoneLoginFlow = "default"

const ZoneLoginFlowIdentifierFirst ZoneLoginFlow = "identifier_first"

Permissions map[string, map[string, bool]]optional

Permissions granted to the authenticated principal. Only populated when expand[]=permissions query parameter is provided. Keys are resource types, values are objects mapping action names to boolean values.

RequiresInvitation booloptional

Whether the zone requires an invitation for email/password registration, only applies when user_identity_provider_id is not set

UserIdentityProviderID stringoptional

Provider ID configured for user login

Update zone

Go

HTTP

TypeScript

Python

Go

package main

import (
  "context"
  "fmt"

  "github.com/keycardai/keycard-go"
)

func main() {
  client := keycard.NewClient(

  )
  zone, err := client.Zones.Update(
    context.TODO(),
    "zoneId",
    keycard.ZoneUpdateParams{

    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", zone.ID)
}

200 example

{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "name": "x",
  "organization_id": "organization_id",
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "authorization_server_metadata": "https://example.com",
      "dcr_enabled": true,
      "issuer": "https://example.com",
      "jwks_uri": "https://example.com",
      "pkce_required": true,
      "redirect_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "provider_configuration": "https://example.com",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "default_mcp_gateway_application_id": "default_mcp_gateway_application_id",
  "default_resource_id": "default_resource_id",
  "description": "description",
  "encryption_key": {
    "arn": "x",
    "type": "aws"
  },
  "login_flow": "default",
  "permissions": {
    "zones": {
      "read": true,
      "update": true,
      "delete": false,
      "create": false
    },
    "applications": {
      "read": true,
      "list": true,
      "create": false
    }
  },
  "requires_invitation": true,
  "user_identity_provider_id": "user_identity_provider_id"
}

Returns Examples

200 example

{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "name": "x",
  "organization_id": "organization_id",
  "protocols": {
    "oauth2": {
      "authorization_endpoint": "https://example.com",
      "authorization_server_metadata": "https://example.com",
      "dcr_enabled": true,
      "issuer": "https://example.com",
      "jwks_uri": "https://example.com",
      "pkce_required": true,
      "redirect_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "token_endpoint": "https://example.com"
    },
    "openid": {
      "provider_configuration": "https://example.com",
      "userinfo_endpoint": "https://example.com"
    }
  },
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "default_mcp_gateway_application_id": "default_mcp_gateway_application_id",
  "default_resource_id": "default_resource_id",
  "description": "description",
  "encryption_key": {
    "arn": "x",
    "type": "aws"
  },
  "login_flow": "default",
  "permissions": {
    "zones": {
      "read": true,
      "update": true,
      "delete": false,
      "create": false
    },
    "applications": {
      "read": true,
      "list": true,
      "create": false
    }
  },
  "requires_invitation": true,
  "user_identity_provider_id": "user_identity_provider_id"
}