Update tokens
Updates tags
and expiration
token metadata.
The role performing this operation must have both of these:
- The
CapTokensWriter
capability. - At least one allowing policy and no denying policies for the
write
operation for thetokens
resource of the collection specified in the call.
See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.
The tokens returned by this operation are defined using three query parameters: token_ids
, object_ids
, and tags
. If no tokens are matched, status code 404 is returned. See the Retrieve a token guide for more information about how to match tokens for this operation.
Request
Header parameters
X-Tenant-Id
- array of stringsList of tenant IDs to enforce on the request.
Path parameters
collection
- string required*The name of a collection.
Query parameters
expiration_secs
- stringExpiration time in seconds for the tokens. If not set, the expiry dates of the tokens are not changed. If set to an empty value, the token will be marked to not expire.'
object_ids
- array of stringsComma-separated list of object IDs.
Each string:tags
- array of stringsComma-separated list of tags.
token_ids
- array of stringsComma-separated list of token IDs.
options
- array of stringsOptions for the operation. Options include:
archived
– whether to update only archived tokens. If not specified, update only active tokens.
adhoc_reason
- stringAn ad-hoc reason for accessing the Vault data. Required when
reason
is set toOther
.reason
- string required*Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.
reload_cache
- booleanReloads the cache before the action.
Request body
Update token request details.
- application/json
tags
- array of stringsReplacement tags for the tokens.
Each string:
{
"tags": [
"credit_cards"
]
}
Possible responses
- 200
- 400
- 401
- 403
- 404
- 405
- 409
- 410
- 500
- 503
The request is successful.
The request is invalid.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1001",
"message": "The access reason is missing.",
"context": {
"reason": null
}
}
Authentication credentials are incorrect or missing.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1005",
"message": "The request is unauthorized.",
"context": {}
}
The caller doesn't have the required access rights.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1007",
"message": "The operation is forbidden due to missing capabilities.",
"context": {
"username": "WebServer"
}
}
The collection or reason aren't found or are missing, the reason
is set to other
but no adhoc_reason
is provided, no token query parameters are provided, or the query finds no matching tokens.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV3009",
"message": "The token is not found."
}
The operation is not allowed.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1026",
"message": "The operation is not allowed in in-memory mode.",
"context": {}
}
A conflict occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV3218",
"message": "Concurrent conflicting updates to the same object.",
"context": {}
}
Access to a resource that is no longer available occurs.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1033",
"message": "The resource is gone.",
"context": {}
}
An error occurs on the server.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1000",
"message": "Something went wrong",
"context": {}
}
The service is unavailable.
- application/json
context
- object required*The error context.
Values of additional properties are stringsExample{
"objectid": "b56dd6aa-35f0-11ed-a261-0242ac120002"
}error_code
- string required*The error code.
message
- string required*The error message.
{
"error_code": "PV1009",
"message": "The operation timed out on the server.",
"context": {}
}
Path parameters
Query parameters
Headers
Request body
Code examples