Skip to main content
PATCH
/
apps
/
{app_id}
/
auth
/
tokens
/
{token_id}
Update API key
curl --request PATCH \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens/{token_id} \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>' \
  --data '
{
  "name": "<string>",
  "ip_allowlist_mode": "disabled",
  "ip_allowlist": [
    "<string>"
  ]
}
'
"{}"

Overview

Use this API to update the properties of a specific Rich Authentication Token (App API Key) for a OneSignal app. You can change the name, IP allowlist mode, or the list of allowed IPs. This is helpful for adjusting access rules without needing to recreate the key.
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Using your Organization API key (available in Organizations > Keys & IDs) you can delete an app token associated with a given app. The token_id is a OneSignal-generated ID specific for the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization's API key found in Organizations > Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

token_id
string
required

The OneSignal-generated ID specific to the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Body

application/json
name
string

An internal name you set to help organize and track API keys (Rich Authentication Tokens). Maximum 128 characters.

ip_allowlist_mode
enum<string>

Defaults to disabled, can be set to explicit. If set to explicit, a list of network addresses in the form of CIDRs has to be specified in the ip_allowlist parameter.

Available options:
disabled,
explicit
ip_allowlist
string[]

An array of allowed networks in CIDRs notation. Only IPs in those ranges will be permitted to use the API key.

Response

200

The response is of type object.