Skip to main content
PATCH
Partially updates an app. All body fields are optional — supply only what you want to change.
Immutable fields: clientId and clientSecret cannot be changed via this endpoint. Attempts to include either field in the PATCH body will return 400 VALIDATION_INVALID_PARAMETER. To rotate the client secret, use POST /apps/{client_id}/rotate-client-secret.

Request

Authorization
string
required
Bearer <API_KEY> from Console > Developers > Workspace API Keys.
Content-Type
string
application/json

Path parameters

client_id
string
required
Client identifier of the app.

Request body

name
string
New display name for the app.
App-level brand logo as a base64 data URL (for example data:image/webp;base64,...). Pass an empty string to remove the logo. Keep the encoded image small — the request body is limited to 1 MB.
redirectUris
string[]
Replaces the full list of allowed OAuth redirect URIs. Pass an empty array to clear all URIs.
webhookConfig
object
Partial webhook configuration. Merges with the existing config — fields you omit are preserved.
defaultSuccessRedirectUri
string
URI users are redirected to after a successful verification when no redirect_uri was supplied at session start.
defaultFailureRedirectUri
string
URI users are redirected to after a failed or cancelled verification when no redirect_uri was supplied at session start.

Response

Returns the updated App object.
Updatable fields: name, logo, redirectUris, webhookConfig, defaultSuccessRedirectUri, defaultFailureRedirectUri. Immutable fields (clientId, clientSecret) are silently ignored if included in the request body. To rotate the client secret use Rotate Client Secret.