> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://help.sigmacomputing.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://help.sigmacomputing.com/_mcp/server.

# Update an API credential

PATCH https://api.sigmacomputing.com/v2/api-credentials/{apiCredentialId}
Content-Type: application/json

This endpoint updates one or more fields on an existing API credential. For more information on API credentials, see [Configure API credentials and connectors in Sigma](https://help.sigmacomputing.com/docs/configure-api-credentials-and-connectors-in-sigma).

### Usage notes
- The user making this request must be assigned an account type with the **Manage API connectors** permission enabled and have **Can edit** access to the API credential.
- Retrieve the **apiCredentialId** by calling the [/v2/api-credentials](https://help.sigmacomputing.com/reference/list-api-credentials) endpoint.
- Omitted fields are left unchanged.
- If a `credential` is provided, the provided authentication details (ID, secret, etc.) replace the previous values. To leave secrets unchanged, omit the `credential` parameter.

### Usage scenarios
- **Secret rotation:** Update the secret fields for a credential automatically for an external service.
- **Allowlist updates:** Expand or restrict the set of hostnames the credential can be used against.

Reference: https://help.sigmacomputing.com/reference/update-api-credential

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: sigma-rest-api
  version: 1.0.0
paths:
  /v2/api-credentials/{apiCredentialId}:
    patch:
      operationId: updateApiCredential
      summary: Update an API credential
      description: >-
        This endpoint updates one or more fields on an existing API credential.
        For more information on API credentials, see [Configure API credentials
        and connectors in
        Sigma](https://help.sigmacomputing.com/docs/configure-api-credentials-and-connectors-in-sigma).


        ### Usage notes

        - The user making this request must be assigned an account type with the
        **Manage API connectors** permission enabled and have **Can edit**
        access to the API credential.

        - Retrieve the **apiCredentialId** by calling the
        [/v2/api-credentials](https://help.sigmacomputing.com/reference/list-api-credentials)
        endpoint.

        - Omitted fields are left unchanged.

        - If a `credential` is provided, the provided authentication details
        (ID, secret, etc.) replace the previous values. To leave secrets
        unchanged, omit the `credential` parameter.


        ### Usage scenarios

        - **Secret rotation:** Update the secret fields for a credential
        automatically for an external service.

        - **Allowlist updates:** Expand or restrict the set of hostnames the
        credential can be used against.
      tags:
        - apiCredentials
      parameters:
        - name: apiCredentialId
          in: path
          required: true
          schema:
            type: string
        - name: Authorization
          in: header
          description: OAuth authentication
          required: true
          schema:
            type: string
      responses:
        '200':
          description: The response body.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api-credentials_updateApiCredential_Response_200
      requestBody:
        description: The request body.
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
                  description: New display name.
                description:
                  type:
                    - string
                    - 'null'
                  description: New description. Pass `null` to clear.
                allowlist:
                  type: array
                  items:
                    type: string
                  description: >-
                    Replacement list of hostname glob patterns. Must not be
                    empty; use `["*"]` to allow every host.
                credential:
                  $ref: >-
                    #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential
servers:
  - url: https://api.sigmacomputing.com
    description: Server for GCP (US) hosted organizations
  - url: https://api.sa.gcp.sigmacomputing.com
    description: Server for GCP (KSA) hosted organizations
  - url: https://aws-api.sigmacomputing.com
    description: Server for AWS US (West) hosted organizations
  - url: https://api.us-a.aws.sigmacomputing.com
    description: Server for AWS US (East) hosted organizations
  - url: https://api.ca.aws.sigmacomputing.com
    description: Server for AWS Canada hosted organizations
  - url: https://api.eu.aws.sigmacomputing.com
    description: Server for AWS Europe hosted organizations
  - url: https://api.au.aws.sigmacomputing.com
    description: Server for AWS Australia and APAC hosted organizations
  - url: https://api.uk.aws.sigmacomputing.com
    description: Server for AWS UK hosted organizations
  - url: https://api.us.azure.sigmacomputing.com
    description: Server for Azure US hosted organizations
  - url: https://api.eu.azure.sigmacomputing.com
    description: Server for Azure Europe hosted organizations
  - url: https://api.ca.azure.sigmacomputing.com
    description: Server for Azure Canada hosted organizations
  - url: https://api.uk.azure.sigmacomputing.com
    description: Server for Azure United Kingdom hosted organizations
  - url: https://api.au.azure.sigmacomputing.com
    description: Server for Azure Australia hosted organizations
components:
  schemas:
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod:
      type: string
      enum:
        - basic
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic:
      type: object
      properties:
        username:
          type: string
          description: Username for Basic authentication.
        password:
          type: string
          description: >-
            Password for Basic authentication. Encrypted at rest; never returned
            in responses.
      required:
        - username
        - password
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential0:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod
        basic:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic
      required:
        - authMethod
        - basic
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential0
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod:
      type: string
      enum:
        - bearer
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer:
      type: object
      properties:
        token:
          type: string
          description: Bearer token. Encrypted at rest; never returned in responses.
      required:
        - token
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential1:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod
        bearer:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer
      required:
        - authMethod
        - bearer
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential1
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod:
      type: string
      enum:
        - apiKey
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey:
      type: object
      properties:
        key:
          type: string
          description: Header or query parameter name carrying the API key.
        value:
          type: string
          description: API key value. Encrypted at rest; never returned in responses.
        isQueryParam:
          type: boolean
          description: >-
            Whether the key is sent as a query parameter; if false, it is sent
            as a header.
      required:
        - key
        - value
        - isQueryParam
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential2:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod
        apiKey:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey
      required:
        - authMethod
        - apiKey
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential2
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod:
      type: string
      enum:
        - oAuthClientCredentials
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        clientSecret:
          type: string
          description: OAuth client secret. Encrypted at rest; never returned in responses.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes requested at token exchange.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - clientSecret
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential3:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod
        oAuthClientCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
      required:
        - authMethod
        - oAuthClientCredentials
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential3
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod:
      type: string
      enum:
        - awsSigV4
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping:
      type: object
      properties:
        accessKeyField:
          type: string
        secretKeyField:
          type: string
        sessionTokenField:
          type: string
        expirationField:
          type: string
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn:
      type: string
      enum:
        - queryParam
        - body
        - header
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems:
      type: object
      properties:
        key:
          type: string
        value:
          type: string
        sendIn:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
      required:
        - key
        - value
        - sendIn
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4:
      type: object
      properties:
        accessKeyId:
          type: string
          description: AWS access key ID.
        secretAccessKey:
          type: string
          description: >-
            AWS secret access key. Encrypted at rest; never returned in
            responses.
        region:
          type: string
          description: AWS region for SigV4 signing.
        service:
          type: string
          description: AWS service name for SigV4 signing (e.g. `s3`, `execute-api`).
        sessionToken:
          type: string
          description: AWS STS session token for temporary credentials.
        temporaryCredentialsUrl:
          type: string
          description: URL that vends temporary credentials (e.g. STS AssumeRole endpoint).
        temporaryCredentialsResponseMapping:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping
        temporaryCredentialsRequestParams:
          type: array
          items:
            $ref: >-
              #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems
          description: >-
            Additional key/value parameters attached to the
            temporary-credentials swap request. Each entry specifies whether it
            is sent as a request header, body field, or query parameter
            (`sendIn`: `header` | `body` | `queryParam`). Use this when the swap
            endpoint requires its own authentication (for example, an
            `x-api-key` header).
      required:
        - accessKeyId
        - secretAccessKey
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential4:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod
        awsSigV4:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4
      required:
        - authMethod
        - awsSigV4
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential4
    V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential:
      oneOf:
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential0
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential1
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential2
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential3
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential4
      title: >-
        V2ApiCredentialsApiCredentialIdPatchRequestBodyContentApplicationJsonSchemaCredential
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaAuthMethod:
      type: string
      enum:
        - basic
        - bearer
        - apiKey
        - oAuthClientCredentials
        - oAuthAuthorizationCode
        - oAuthPasswordCredentials
        - awsSigV4
      description: Authentication method the credential uses.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaAuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod:
      type: string
      enum:
        - basic
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0Basic:
      type: object
      properties:
        username:
          type: string
          description: Username for Basic authentication.
      required:
        - username
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0Basic
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential0:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod
        basic:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf0Basic
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential0
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod:
      type: string
      enum:
        - bearer
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential1:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential1
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod:
      type: string
      enum:
        - apiKey
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey:
      type: object
      properties:
        key:
          type: string
          description: Header or query parameter name carrying the API key.
        isQueryParam:
          type: boolean
          description: >-
            Whether the key is sent as a query parameter; if false, it is sent
            as a header.
      required:
        - key
        - isQueryParam
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential2:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod
        apiKey:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential2
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod:
      type: string
      enum:
        - oAuthClientCredentials
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes requested at token exchange.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential3:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod
        oAuthClientCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential3
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod:
      type: string
      enum:
        - oAuthAuthorizationCode
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        authorizationUrl:
          type: string
          description: OAuth authorization endpoint URL.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - authorizationUrl
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential4:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod
        oAuthAuthorizationCode:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential4
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod:
      type: string
      enum:
        - oAuthPasswordCredentials
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials:
      type: object
      properties:
        username:
          type: string
          description: OAuth resource-owner username.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
        clientId:
          type: string
          description: OAuth client ID.
      required:
        - username
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential5:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod
        oAuthPasswordCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential5
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod:
      type: string
      enum:
        - awsSigV4
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping:
      type: object
      properties:
        accessKeyField:
          type: string
        secretKeyField:
          type: string
        sessionTokenField:
          type: string
        expirationField:
          type: string
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn:
      type: string
      enum:
        - queryParam
        - body
        - header
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems:
      type: object
      properties:
        key:
          type: string
        value:
          type: string
        sendIn:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
      required:
        - key
        - value
        - sendIn
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4:
      type: object
      properties:
        accessKeyId:
          type: string
          description: AWS access key ID.
        region:
          type: string
          description: AWS region for SigV4 signing.
        service:
          type: string
          description: AWS service name for SigV4 signing (e.g. `s3`, `execute-api`).
        temporaryCredentialsUrl:
          type: string
          description: URL that vends temporary credentials (e.g. STS AssumeRole endpoint).
        temporaryCredentialsResponseMapping:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping
        temporaryCredentialsRequestParams:
          type: array
          items:
            $ref: >-
              #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems
          description: >-
            Additional parameters sent on the temporary-credentials swap
            request, each tagged with `sendIn` (`header` | `body` |
            `queryParam`).
      required:
        - accessKeyId
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential6:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod
        awsSigV4:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4
      required:
        - authMethod
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential6
    V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential:
      oneOf:
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential0
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential1
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential2
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential3
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential4
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential5
        - $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential6
      description: >-
        Nonsensitive projection of the credential, discriminated by
        `authMethod`. Secret fields (password, token, clientSecret,
        secretAccessKey) are never returned.
      title: >-
        V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential
    api-credentials_updateApiCredential_Response_200:
      type: object
      properties:
        apiCredentialId:
          type: string
          description: Unique identifier of the API credential.
        name:
          type: string
          description: Display name of the credential.
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaAuthMethod
          description: Authentication method the credential uses.
        allowlist:
          type: array
          items:
            type: string
          description: >-
            Hostname glob patterns (e.g. `*.example.com`) that the credential is
            authorized to be used against.
        credential:
          $ref: >-
            #/components/schemas/V2ApiCredentialsApiCredentialIdPatchResponsesContentApplicationJsonSchemaCredential
          description: >-
            Nonsensitive projection of the credential, discriminated by
            `authMethod`. Secret fields (password, token, clientSecret,
            secretAccessKey) are never returned.
        createdBy:
          type: string
          description: The identifier of the user who created this object.
        updatedBy:
          type: string
          description: The identifier of the user or process that last updated this object.
        createdAt:
          type: string
          format: date-time
          description: When the object was created.
        updatedAt:
          type: string
          format: date-time
          description: When the object was last updated.
        description:
          type: string
          description: Human-readable description.
      required:
        - apiCredentialId
        - name
        - authMethod
        - allowlist
        - credential
        - createdBy
        - updatedBy
        - createdAt
        - updatedAt
      title: api-credentials_updateApiCredential_Response_200
  securitySchemes:
    OAuth:
      type: http
      scheme: bearer
      description: OAuth 2.0 authentication

```

## Examples



**Request**

```json
{}
```

**Response**

```json
{
  "apiCredentialId": "string",
  "name": "string",
  "authMethod": "basic",
  "allowlist": [
    "string"
  ],
  "credential": {
    "authMethod": "basic",
    "basic": {
      "username": "string"
    }
  },
  "createdBy": "string",
  "updatedBy": "string",
  "createdAt": "2024-01-15T09:30:00Z",
  "updatedAt": "2024-01-15T09:30:00Z",
  "description": "string"
}
```

**SDK Code**

```python
import requests

url = "https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId"

payload = {}
headers = {
    "Authorization": "<token>.",
    "Content-Type": "application/json"
}

response = requests.patch(url, json=payload, headers=headers)

print(response.json())
```

```javascript
const url = 'https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId';
const options = {
  method: 'PATCH',
  headers: {Authorization: '<token>.', 'Content-Type': 'application/json'},
  body: '{}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId"

	payload := strings.NewReader("{}")

	req, _ := http.NewRequest("PATCH", url, payload)

	req.Header.Add("Authorization", "<token>.")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Patch.new(url)
request["Authorization"] = '<token>.'
request["Content-Type"] = 'application/json'
request.body = "{}"

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.patch("https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId")
  .header("Authorization", "<token>.")
  .header("Content-Type", "application/json")
  .body("{}")
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('PATCH', 'https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId', [
  'body' => '{}',
  'headers' => [
    'Authorization' => '<token>.',
    'Content-Type' => 'application/json',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId");
var request = new RestRequest(Method.PATCH);
request.AddHeader("Authorization", "<token>.");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let headers = [
  "Authorization": "<token>.",
  "Content-Type": "application/json"
]
let parameters = [] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.sigmacomputing.com/v2/api-credentials/apiCredentialId")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```