Skip to content
API Reference
API Reference
Zones
Providers

Update provider

PATCH/zones/{zoneId}/providers/{id}

Updates a Provider's configuration and metadata

Path ParametersExpand Collapse
zoneId: string
id: string
Body ParametersJSONExpand Collapse
client_id: optional string

OAuth 2.0 client identifier. Set to null to remove.

client_secret: optional string

OAuth 2.0 client secret (will be encrypted and stored securely). Set to null to remove.

description: optional string

Human-readable description

maxLength2048
identifier: optional string

User specified identifier, unique within the zone

minLength1
maxLength2048
metadata: optional unknown

Provider metadata. Set to null to remove all metadata.

name: optional string

Human-readable name

minLength1
maxLength255
protocols: optional object { oauth2, openid }

Protocol-specific configuration. Set to null to remove all protocols.

oauth2: optional object { authorization_endpoint, authorization_parameters, authorization_resource_enabled, 10 more }

OAuth 2.0 protocol configuration. Set to null to remove all OAuth2 config.

authorization_endpoint: optional string
formaturi
authorization_parameters: optional map[string]

Custom query parameters appended to authorization redirect URLs. Set to null to unset.

authorization_resource_enabled: optional boolean

Whether to include the resource parameter in authorization requests. Set to null to unset.

authorization_resource_parameter: optional string

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true. Set to null to unset.

code_challenge_methods_supported: optional array of string
issuer: optional string

OIDC issuer URL for discovery and token validation. Cannot be set to null.

formaturi
jwks_uri: optional string
formaturi
registration_endpoint: optional string
formaturi
scope_parameter: optional string

The query parameter name for scopes in authorization requests. Defaults to "scope". Set to null to unset.

scope_separator: optional string

The separator character for scope values. Defaults to " " (space). Set to null to unset.

scopes_supported: optional array of string
token_endpoint: optional string
formaturi
token_response_access_token_pointer: optional string

Dot-separated path to the access token in the token response body. Defaults to "access_token". Set to null to unset.

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration. Set to null to remove all OpenID config.

userinfo_endpoint: optional string
formaturi
ReturnsExpand Collapse
Provider = object { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" or "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id: optional string

OAuth 2.0 client identifier

client_secret_set: optional boolean

Indicates whether a client secret is configured

description: optional string

Human-readable description

maxLength2048
metadata: optional unknown

Provider metadata

protocols: optional object { oauth2, openid }

Protocol-specific configuration

oauth2: optional object { issuer, authorization_endpoint, authorization_parameters, 10 more }

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint: optional string
formaturi
authorization_parameters: optional map[string]

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled: optional boolean

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter: optional string

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported: optional array of string
jwks_uri: optional string
formaturi
registration_endpoint: optional string
formaturi
scope_parameter: optional string

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator: optional string

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported: optional array of string
token_endpoint: optional string
formaturi
token_response_access_token_pointer: optional string

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid: optional object { userinfo_endpoint }

OpenID Connect protocol configuration

userinfo_endpoint: optional string
formaturi
type: optional "external" or "keycard-vault" or "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"

Update provider

curl https://api.keycard.ai/zones/$ZONE_ID/providers/$ID \
    -X PATCH
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}
Returns Examples
{
  "id": "id",
  "created_at": "2019-12-27T18:11:19.117Z",
  "identifier": "x",
  "name": "x",
  "organization_id": "organization_id",
  "owner_type": "platform",
  "slug": "slug",
  "updated_at": "2019-12-27T18:11:19.117Z",
  "zone_id": "zone_id",
  "client_id": "client_id",
  "client_secret_set": true,
  "description": "description",
  "metadata": {},
  "protocols": {
    "oauth2": {
      "issuer": "https://example.com",
      "authorization_endpoint": "https://example.com",
      "authorization_parameters": {
        "foo": "string"
      },
      "authorization_resource_enabled": true,
      "authorization_resource_parameter": "authorization_resource_parameter",
      "code_challenge_methods_supported": [
        "string"
      ],
      "jwks_uri": "https://example.com",
      "registration_endpoint": "https://example.com",
      "scope_parameter": "scope_parameter",
      "scope_separator": "scope_separator",
      "scopes_supported": [
        "string"
      ],
      "token_endpoint": "https://example.com",
      "token_response_access_token_pointer": "token_response_access_token_pointer"
    },
    "openid": {
      "userinfo_endpoint": "https://example.com"
    }
  },
  "type": "external"
}