Skip to main content

Update tokens


Updates tags and expiration token metadata.

The role performing this operation must have both of these:

  • The CapTokensWriter capability.
  • At least one allowing policy and no denying policies for the write operation for the tokens resource of the collection specified in the call.

See identity and access management for more information about how capabilities are used to control access to operations and policies are used to control access to data.

The tokens returned by this operation are defined using three query parameters: token_ids, object_ids, and tags. If no tokens are matched, status code 404 is returned. See the Retrieve a token guide for more information about how to match tokens for this operation.


Header parameters

  • X-Tenant-Id - array of strings

    List of tenant IDs to enforce on the request.

Path parameters

  • collection - string required*

    The name of a collection.

Query parameters

  • expiration_secs - string

    Expiration time in seconds for the tokens. If not set, the expiry dates of the tokens are not changed. If set to an empty value, the token will be marked to not expire.'

  • object_ids - array of strings

    Comma-separated list of object IDs.

    Each string:
  • tags - array of strings

    Comma-separated list of tags.

  • token_ids - array of strings

    Comma-separated list of token IDs.

  • options - array of strings

    Options for the operation. Options include:

    • archived – whether to update only archived tokens. If not specified, update only active tokens.
    Each string:
  • adhoc_reason - string

    An ad-hoc reason for accessing the Vault data. Required when reason is set to Other.

  • reason - string required*

    Details of the reason for requesting the property. The default is set when no access reason is provided and PVAULT_SERVICE_FORCE_ACCESS_REASON is false.

  • reload_cache - boolean

    Reloads the cache before the action.

Request body

Update token request details.

object required*
  • tags - array of strings

    Replacement tags for the tokens.

    Each string:
"tags": [

Possible responses

The request is successful.

Try the API


Path parameters

Query parameters


Request body

Navigate to the docs of your local Vault installation to try the API directly from there.

Code examples