Skip to main content
PATCH
/
v1
/
publishable-keys
/
{key_id}
curl --request PATCH \
  --url https://api.oneinbox.ai/v1/publishable-keys/{key_id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "allowed_origins": [
    "https://yoursite.com",
    "https://app.yoursite.com",
    "https://staging.yoursite.com"
  ]
}
'
{
  "id": "pk_abc123",
  "key": "oi_pk_live_abc123def456",
  "key_prefix": "oi_pk_live_abc1",
  "name": "Production widget",
  "allowed_origins": [
    "https://yoursite.com",
    "https://app.yoursite.com"
  ],
  "is_active": true,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Use api_key from POST /v1/api-keys

Path Parameters

key_id
string
required

Body

application/json
name
string
Example:

"Updated widget key"

allowed_origins
string[]

Replaces the full list of allowed origins. Pass an empty array to allow all origins.

Example:
[
  "https://yoursite.com",
  "https://app.yoursite.com"
]
is_active
boolean

Set to false to temporarily disable this key without revoking it.

Response

200 - application/json

OK

id
string
Example:

"pk_abc123"

key
string

Full publishable key value — only returned on create. Shows key_prefix on subsequent lists.

Example:

"oi_pk_live_abc123def456"

key_prefix
string
Example:

"oi_pk_live_abc1"

name
string
Example:

"Production widget"

allowed_origins
string[]

Domains allowed to use this key. Requests from other origins return 403.

Example:
[
  "https://yoursite.com",
  "https://app.yoursite.com"
]
is_active
boolean
created_at
string<date-time>
updated_at
string<date-time>