Skip to main content
PATCH
/
apps
/
{app_id}
/
auth
/
tokens
/
{token_id}
cURL
curl --request PATCH \
  --url https://api.onesignal.com/apps/{app_id}/auth/tokens/{token_id} \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: <content-type>' \
  --data '
{
  "name": "<string>",
  "ip_allowlist": [
    "<string>"
  ]
}
'
import Onesignal from '@onesignal/node-onesignal';

const configuration = Onesignal.createConfiguration({
organizationApiKey: 'YOUR_ORGANIZATION_API_KEY',
});
const apiInstance = new Onesignal.DefaultApi(configuration);

// string
const appId: string = "00000000-0000-0000-0000-000000000000";
// string
const tokenId: string = "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff";
// UpdateApiKeyRequest
const updateApiKeyRequest: Onesignal.UpdateApiKeyRequest = {
name: "name_example",
ip_allowlist_mode: "disabled",
ip_allowlist: [
"ip_allowlist_example",
],
};

try {
const response = await apiInstance.updateApiKey(appId, tokenId, updateApiKeyRequest);
console.log(response);
} catch (e) {
if (e instanceof Onesignal.ApiException) {
// `e.errorMessages` flattens any error-envelope shape to a `string[]`;
// the raw parsed body remains on `e.body`.
console.error("updateApiKey failed: HTTP " + e.code, e.errorMessages);
} else {
throw e;
}
}
import onesignal
from onesignal.api import default_api
from onesignal.models import *
from pprint import pprint

# See configuration.py for a list of all supported configuration parameters.
# Some of the OneSignal endpoints require ORGANIZATION_API_KEY token for authorization, while others require REST_API_KEY.
# We recommend adding both of them in the configuration page so that you will not need to figure it out yourself.
configuration = onesignal.Configuration(
rest_api_key = "YOUR_REST_API_KEY", # App REST API key required for most endpoints
organization_api_key = "YOUR_ORGANIZATION_API_KEY" # Organization key is only required for creating new apps and other top-level endpoints
)


# Enter a context with an instance of the API client
with onesignal.ApiClient(configuration) as api_client:
# Create an instance of the API class
api_instance = default_api.DefaultApi(api_client)
app_id = "00000000-0000-0000-0000-000000000000"
token_id = "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff"
update_api_key_request = UpdateApiKeyRequest(
name="name_example",
ip_allowlist_mode="disabled",
ip_allowlist=[
"ip_allowlist_example",
],
)

try:
# Update API key
api_response = api_instance.update_api_key(app_id, token_id, update_api_key_request)
pprint(api_response)
except onesignal.ApiException as e:
print("Exception when calling DefaultApi->update_api_key: %s\n" % e)
print("Status Code: %s" % e.status)
print("Response Body: %s" % e.body)
<?php
require_once(__DIR__ . '/vendor/autoload.php');


// Configure Bearer authorization: organization_api_key
$config = onesignal\client\Configuration::getDefaultConfiguration()
->setRestApiKeyToken('YOUR_REST_API_KEY')
->setOrganizationApiKeyToken('YOUR_ORGANIZATION_API_KEY');



$apiInstance = new onesignal\client\Api\DefaultApi(
// If you want use custom http client, pass your client which implements `GuzzleHttp\ClientInterface`.
// This is optional, `GuzzleHttp\Client` will be used as default.
new GuzzleHttp\Client(),
$config
);
$app_id = '00000000-0000-0000-0000-000000000000'; // string
$token_id = '0aa1b2c3-d4e5-46f7-8899-aabbccddeeff'; // string
$update_api_key_request = new \onesignal\client\model\UpdateApiKeyRequest(); // \onesignal\client\model\UpdateApiKeyRequest

try {
$result = $apiInstance->updateApiKey($app_id, $token_id, $update_api_key_request);
print_r($result);
} catch (\onesignal\client\ApiException $e) {
echo 'Exception when calling DefaultApi->updateApiKey: ', $e->getMessage(), PHP_EOL;
echo 'Status Code: ', $e->getCode(), PHP_EOL;
// getErrorMessages() flattens any error-envelope shape to a string[];
// the raw body remains on getResponseBody().
echo 'Error Messages: ', implode(', ', $e->getErrorMessages()), PHP_EOL;
echo 'Response Body: ', $e->getResponseBody(), PHP_EOL;
} catch (\Exception $e) {
echo 'Exception when calling DefaultApi->updateApiKey: ', $e->getMessage(), PHP_EOL;
}
package main

import (
"context"
"fmt"
"os"

"github.com/OneSignal/onesignal-go-api/v5"
)

func main() {
appId := "00000000-0000-0000-0000-000000000000" // string |
tokenId := "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff" // string |
updateApiKeyRequest := *onesignal.NewUpdateApiKeyRequest() // UpdateApiKeyRequest |

configuration := onesignal.NewConfiguration()
apiClient := onesignal.NewAPIClient(configuration)

orgAuth := context.WithValue(context.Background(), onesignal.OrganizationApiKey, "YOUR_ORGANIZATION_API_KEY") // Organization API key is only required for creating new apps and other top-level endpoints

resp, r, err := apiClient.DefaultApi.UpdateApiKey(orgAuth, appId, tokenId).UpdateApiKeyRequest(updateApiKeyRequest).Execute()

if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `DefaultApi.UpdateApiKey``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
if apiErr, ok := err.(*onesignal.GenericOpenAPIError); ok {
// ErrorMessages() flattens any error-envelope shape to a []string;
// the raw body remains on Body().
fmt.Fprintf(os.Stderr, "Error Messages: %v\n", apiErr.ErrorMessages())
fmt.Fprintf(os.Stderr, "Response Body: %s\n", apiErr.Body())
}
}
// response from `UpdateApiKey`: map[string]interface{}
fmt.Fprintf(os.Stdout, "Response from `DefaultApi.UpdateApiKey`: %v\n", resp)
}
require 'onesignal'
# setup authorization
OneSignal.configure do |config|
# Configure Bearer authorization: organization_api_key
config.organization_api_key = 'YOUR_ORGANIZATION_API_KEY'

end

api_instance = OneSignal::DefaultApi.new
app_id = '00000000-0000-0000-0000-000000000000' # String |
token_id = '0aa1b2c3-d4e5-46f7-8899-aabbccddeeff' # String |
update_api_key_request = OneSignal::UpdateApiKeyRequest.new # UpdateApiKeyRequest |

begin
# Update API key
result = api_instance.update_api_key(app_id, token_id, update_api_key_request)
p result
rescue OneSignal::ApiError => e
puts "Error when calling DefaultApi->update_api_key: #{e}"
puts "Status Code: #{e.code}"
# `e.error_messages` flattens any error-envelope shape to an Array<String>;
# the raw body remains on `e.response_body`.
puts "Error Messages: #{e.error_messages}"
puts "Response Body: #{e.response_body}"
end
// Import classes:
import com.onesignal.client.ApiClient;
import com.onesignal.client.ApiException;
import com.onesignal.client.Configuration;
import com.onesignal.client.auth.*;
import com.onesignal.client.model.*;
import com.onesignal.client.api.DefaultApi;

public class Example {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.onesignal.com");

// Configure HTTP bearer authorization: organization_api_key
HttpBearerAuth organization_api_key = (HttpBearerAuth) defaultClient.getAuthentication("organization_api_key");
organization_api_key.setBearerToken("YOUR_ORGANIZATION_API_KEY");

DefaultApi apiInstance = new DefaultApi(defaultClient);
String appId = "00000000-0000-0000-0000-000000000000"; // String |
String tokenId = "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff"; // String |
UpdateApiKeyRequest updateApiKeyRequest = new UpdateApiKeyRequest(); // UpdateApiKeyRequest |
try {
Object result = apiInstance.updateApiKey(appId, tokenId, updateApiKeyRequest);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling DefaultApi#updateApiKey");
System.err.println("Status code: " + e.getCode());
// getErrorMessages() flattens any error-envelope shape to a List<String>;
// the raw body remains on getResponseBody().
System.err.println("Error messages: " + e.getErrorMessages());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}
using System;
using System.Collections.Generic;
using System.Diagnostics;
using OneSignalApi.Api;
using OneSignalApi.Client;
using OneSignalApi.Model;

namespace Example
{
public class UpdateApiKeyExample
{
public static void Main()
{
Configuration config = new Configuration();
config.BasePath = "https://api.onesignal.com";
// Configure Bearer token for authorization: organization_api_key
config.AccessToken = "YOUR_ORGANIZATION_API_KEY";

var apiInstance = new DefaultApi(config);
var appId = "00000000-0000-0000-0000-000000000000"; // string |
var tokenId = "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff"; // string |
var updateApiKeyRequest = new UpdateApiKeyRequest(); // UpdateApiKeyRequest |

try
{
// Update API key
Object result = apiInstance.UpdateApiKey(appId, tokenId, updateApiKeyRequest);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling DefaultApi.UpdateApiKey: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
// e.ErrorMessages flattens any error-envelope shape to an IReadOnlyList<string>;
// the raw body remains on e.ErrorContent.
Debug.Print("Error Messages: " + string.Join(", ", e.ErrorMessages));
Debug.Print("Response Body: " + e.ErrorContent);
Debug.Print(e.StackTrace);
}
}
}
}
use onesignal_rust_api::apis::configuration::Configuration;
use onesignal_rust_api::apis::default_api;

use onesignal_rust_api::models;


#[tokio::main]
async fn main() {
let mut configuration = Configuration::new();
configuration.organization_api_key_token = Some("YOUR_ORGANIZATION_API_KEY".to_string());


// Realistic values are pulled from the spec's `example:` fields where present.
let app_id: &str = "00000000-0000-0000-0000-000000000000";
let token_id: &str = "0aa1b2c3-d4e5-46f7-8899-aabbccddeeff";
let update_api_key_request: models::UpdateApiKeyRequest = todo!();

match default_api::update_api_key(&configuration, app_id, token_id, update_api_key_request).await {
Ok(resp) => println!("{:?}", resp),
Err(e @ onesignal_rust_api::apis::Error::ResponseError(_)) => {
// `e.error_messages()` flattens any error-envelope shape to a Vec<String>;
// the raw response remains on the ResponseError variant.
eprintln!("update_api_key failed: {:?}", e.error_messages());
}
Err(e) => eprintln!("update_api_key failed: {:?}", e),
}
}
"{}"
"{}"
{
"errors": [
"Current organization permissions do not allow this action."
]
}
{
"errors": [
"Token not found"
]
}
{
"errors": [
"API rate limit exceeded"
]
}
{
"errors": [
"Service temporarily unavailable"
]
}

Overview

Use this API to update the properties of a specific Rich Authentication Token (App API Key) for a OneSignal app. You can change the name, IP allowlist mode, or the list of allowed IPs. This is helpful for adjusting access rules without needing to recreate the key.
For background on different OneSignal API keys, see Keys & IDs.

How to use this API

Using your Organization API key (available in Organizations > Keys & IDs) you can delete an app token associated with a given app. The token_id is a OneSignal-generated ID specific for the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Headers

Content-Type
string
default:application/json
required
Authorization
string
default:Key YOUR_ORGANIZATION_API_KEY
required

Your Organization's API key found in Organizations > Keys & IDs.

Path Parameters

app_id
string
default:YOUR_APP_ID
required

Your OneSignal App ID in UUID v4 format. See Keys & IDs.

token_id
string
required

The OneSignal-generated ID specific to the API key. This is not the API key itself. It is returned when creating an API key with Create API key. It can be found in the OneSignal dashboard and in the response body of the View API keys request.

Body

application/json
name
string

An internal name you set to help organize and track API keys (Rich Authentication Tokens). Maximum 128 characters.

ip_allowlist_mode
enum<string>

Defaults to disabled, can be set to explicit. If set to explicit, a list of network addresses in the form of CIDRs has to be specified in the ip_allowlist parameter.

Available options:
disabled,
explicit
ip_allowlist
string[]

An array of allowed networks in CIDRs notation. Only IPs in those ranges will be permitted to use the API key.

Response

Returns an empty object on success. Issue a follow-up GET to read the updated values.

The response is of type object.