--- title: Update url: https://www.tines.com/docs/api/credentials/update/ updated: 2026-04-02T11:20:06+00:00 description: Use a HTTP PUT request to update a [credential](/docs/credentials). --- *[tines.com](https://www.tines.com/llms.txt) › [Docs](https://www.tines.com/llms.txt) › [Tines API](https://www.tines.com/llms.txt) › [Credentials](https://www.tines.com/llm/docs/api/credentials.md)* # Update *[View on tines.com](https://www.tines.com/docs/api/credentials/update/)* ## Description Use a HTTP PUT request to update a [credential](/docs/credentials). ## Request HTTP Method: **PUT** | Parameter | Description | | ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | mode | Describes the type of credential (`TEXT, JWT, OAUTH, AWS, MTLS, HTTP_REQUEST_AGENT, MULTI_REQUEST`). | | name | **Optional** Name of the credential. | | folder_id | **Optional** The ID of the folder to move the credential to, or an empty value to indicate the root folder. Note that this folder must exist within the team identified by `team_id`, or the credential's current team if `team_id` isn't specified. | | read_access | **Optional** Control where this credential can be used (`TEAM`, `GLOBAL`, `SPECIFIC_TEAMS`). default: `TEAM`. (`SPECIFIC_TEAMS` is a premium feature. [Reach out to find out more](https://tines.com/contact-support).) | | shared_team_slugs | **Optional** List of teams' slugs where this credential can be used. Required to set `read_access` to `SPECIFIC_TEAMS`. default: `[]` (empty array). | | description | **Optional** Description of the credential. default: `""` (empty string). | | metadata | **Optional** Key/value metadata for use in HTTP requests alongside the credential value | | allowed_hosts | **Optional** Array of domains where this credential can only be used in HTTP requests. Domain matching supports wildcards. | | test_credential_enabled | **Optional** A boolean value stating if the credential is enabled for using a test credential | | is_test | **Optional** Boolean value stating if the test credential should be updated. `test_credential_enabled` must be set to `TRUE` and a test credential must exist for the update to succeed. | | expires_at | **Optional** ISO 8601 Timestamp representing date and time the credential will expire. Default: `null`. See: [Credential expiry](https://www.tines.com/docs/credentials/credential-configuration/expiry) | | expiry_notifications_enabled | **Optional** A boolean value stating whether or not expiry notifications are enabled. Default: `false`. See: [Credential expiry email reminders](https://www.tines.com/docs/credentials/credential-configuration/expiry/#email-reminders) | | credential_notification_recipient_user_ids | **Optional** List of user IDs that will be sent credential notifications (e.g. expiry notifications) | #### TEXT Options | Parameter | Description | | --------- | ------------------------ | | value | Value of the credential. | #### OAUTH Options | Parameter | Description | | ---------------------------- | ---------------------------------------------------------------------------------------------- | | oauth_url | Your app oauth url | | oauth_token_url | Your app oauth token url | | oauth_client_id | The client ID for your app | | oauth_client_secret | The client secret for your app | | oauth_scope | Enter one or more scope values indicating which parts of the user’s account you wish to access | | oauth_grant_type | Tines supports `client_credentials` and `authorization_code` grants. | | oauthPkceCodeChallengeMethod | PKCE challenge method (`S256`, `plain`). default: `NULL` (None). | #### MTLS Options | Parameter | Description | | ----------------------- | --------------------------------------------------------------------------------------- | | mtls_client_certificate | The certificate file issued by the CA for this client | | mtls_client_private_key | The private key file for the client certificate | | mtls_root_certificate | The root certificate file for the certificate authority (CA) responsible for signatures | #### JWT Options | Parameter | Description | | ----------------------------- | ----------------------------------------------- | | jwt_algorithm | The algorithm to be used when computing the JWT | | jwt_payload | The payload to be included in the JWT | | jwt_auto_generate_time_claims | Auto generate ‘iat’ & ‘exp’ claims | | jwt_private_key | The private key to be used to sign the JWT | #### HTTP_REQUEST_AGENT Options | Parameter | Description | | ------------------------------ | ---------------------------------------------------------------------------------------------------------------- | | http_request_options | JSON string representing the Agents::HTTPRequestAgent Options (required) | | http_request_location_of_token | Location of token from response (required) | | http_request_secret | Secret value to save in an http request. This can be referenced as `secret` in the HTTP request options builder. | | http_request_ttl | Time to live (TTL) in seconds. Not sending this value during an update/PUT operation will update it to null. | #### MULTI_REQUEST Options | Parameter | Description | | ------------------------------ | ------------------------------------------------------------------------------------------------------------ | | http_request_location_of_token | Location of token from response (required) | | credential_requests | List of requests to run to fetch the credential values (required). | | http_request_ttl | Time to live (TTL) in seconds. Not sending this value during an update/PUT operation will update it to null. | #### AWS Options | Parameter | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | | aws_authentication_type | The authentication method with AWS, key-based-access or role-based-access(`KEY`, `ROLE`, `INSTANCE_PROFILE`) | | aws_access_key | The `access key` from your [AWS Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) | | aws_secret_key | The `access secret` from your [AWS Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) | | aws_assumed_role_arn | **Required for role-based-access** The ARN of the role you wish to assume, e.g.: `arn:aws:iam::123456789012:role/write-access-role` | ### Sample request ```bash curl -X PUT \ https:///api/v1/user_credentials/<> \ -H 'content-type: application/json' \ -H 'Authorization: Bearer <>' \ -d '{ "name": "Updated credential name", "value": "Updated secret value", "mode": "TEXT", "metadata": { "account_domain": "https://updatedmetadataexample.com" } }' ``` ## Response A successful request will return a JSON object describing the created credential. ### Field description | Parameter | Description | | ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | id | credential ID. | | name | Name of the credential. | | mode | Describes the type of credential (`TEXT, JWT, OAUTH, AWS, MTLS, HTTP_REQUEST_AGENT, MULTI_REQUEST`). | | team_id | ID of team to which the credential belongs. | | folder_id | ID of folder to which the credential belongs. | | read_access | Control where this credential can be used (`TEAM`, `GLOBAL`, `SPECIFIC_TEAMS`). | | shared_team_slugs | List of teams' slugs where this credential can be used when `read_access` is `SPECIFIC_TEAMS`, otherwise empty. | | description | Description of the credential. | | slug | An underscored representation of the credential name | | created_at | ISO 8601 Timestamp representing date and time the credential was created. | | updated_at | ISO 8601 Timestamp representing date and time the credential was last updated. | | allowed_hosts | Array of domains where this credential can only be used in HTTP requests. | | metadata | Key/value metadata for use in HTTP requests alongside the credential value. | | restriction_type | The type of restriction applied to the use of the credential (`RESTRICTED`,`RESTRICTED_TO_CREDENTIALS` ,`UNRESTRICTED` ) | | test_credential_enabled | A boolean value stating if the credential is enabled for using a test credential | | test_credential | Data specific to the test credential (`created_at` and `updated_at`) | | owner | An object representing the user who owns this credential. By default, the owner is the user who created the credential. | | expires_at | ISO 8601 Timestamp representing date and time the credential will expire. Default: `null`. See: [Credential expiry](https://www.tines.com/docs/credentials/credential-configuration/expiry) | | expiry_notifications_enabled | A boolean value stating whether or not expiry notifications are enabled. Default: `false`. See: [Credential expiry email reminders](https://www.tines.com/docs/credentials/credential-configuration/expiry/#email-reminders) | | credential_notification_recipient_user_ids | List of user IDs that will be sent credential notifications (e.g. expiry notifications) | ### Sample response ```json { "id": 1, "name": "tines_api_credential", "mode": "TEXT", "team_id": 2, "folder_id": 1, "read_access": "TEAM", "shared_team_slugs": [], "slug": "tines_api_credential", "created_at": "2021-03-26T12:34:16.540Z", "updated_at": "2021-03-26T12:34:16.540Z", "description": "", "allowed_hosts": [], "metadata": { "account_domain": "https://example.com" }, "restriction_type": "UNRESTRICTED", "test_credential_enabled": false, "owner": { "user_id": 1, "first_name": "Jane", "last_name": "Doe", "email": "jane@tines.io" } } ```