> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

> Apply a partial update to an AI Gateway access key configuration.

# Update an AI Gateway access key configuration



## OpenAPI

````yaml openapi/ai-gateway.yaml PATCH /access-key-configurations/{id}
openapi: 3.0.3
info:
  title: AI Gateway APIs
  version: 0.1.0
  description: |
    Control-plane HTTP APIs served by the ai-gateway-control service.
servers:
  - url: https://api.ngrok.ai
security:
  - bearerAuth: []
tags:
  - name: AI Gateway Access Key Configurations
    description: Manage reusable access key configurations (scope and routing rules).
  - name: AI Gateway Access Keys
    description: Manage ngrok-managed access keys associated with AI Gateway endpoints.
  - name: AI Gateway Configuration
    description: >-
      Manage per-account AI Gateway configuration (timeouts, token caps,
      metadata).
  - name: AI Gateway API Keys
    description: Manage customer-facing AI Gateway API Keys.
  - name: AI Gateway Credits
    description: Purchase AI Gateway credits via Stripe Checkout.
  - name: AI Gateway Providers
    description: Manage AI Gateway providers and the models they expose.
  - name: AI Gateway Custom Providers
    description: Manage custom AI Gateway providers and the models they expose.
  - name: AI Gateway Provider Keys
    description: Manage provider keys attached to AI Gateway managed access keys.
  - name: AI Gateway Usage
    description: >-
      Read-only AI Gateway usage events and aggregated usage overview for the
      authenticated account.
paths:
  /access-key-configurations/{id}:
    parameters:
      - $ref: '#/components/parameters/AIGatewayAccessKeyConfigurationID'
    patch:
      tags:
        - AI Gateway Access Key Configurations
      summary: Update an AI Gateway access key configuration
      description: |
        Apply a partial update to an AI Gateway access key configuration.
        Omit a field to leave it unchanged; send null to clear it.
      operationId: UpdateAIGatewayAccessKeyConfiguration
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AIGatewayAccessKeyConfigurationUpdate'
      responses:
        '200':
          description: The updated AI Gateway access key configuration.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AIGatewayAccessKeyConfiguration'
        default:
          $ref: '#/components/responses/Error'
components:
  parameters:
    AIGatewayAccessKeyConfigurationID:
      name: id
      in: path
      required: true
      description: Unique identifier for an AI Gateway access key configuration.
      schema:
        type: string
  schemas:
    AIGatewayAccessKeyConfigurationUpdate:
      type: object
      additionalProperties: false
      properties:
        name:
          type: string
          nullable: true
          maxLength: 255
          description: User-defined label for this configuration.
        description:
          type: string
          nullable: true
          maxLength: 255
          description: Human-readable description.
        metadata:
          type: string
          nullable: true
          maxLength: 4096
          description: Arbitrary user-defined metadata.
        access:
          nullable: true
          allOf:
            - $ref: '#/components/schemas/AccessScope'
        router:
          nullable: true
          allOf:
            - $ref: '#/components/schemas/RouterWrite'
    AIGatewayAccessKeyConfiguration:
      type: object
      additionalProperties: false
      required:
        - id
        - uri
        - name
        - createdAt
        - updatedAt
        - createdBy
        - lastUpdatedBy
      properties:
        id:
          type: string
          description: Unique identifier for this configuration.
        uri:
          type: string
          description: URI of this AI Gateway Access Key Configuration API resource.
        name:
          type: string
          description: User-defined label for this configuration.
        createdAt:
          type: string
          format: date-time
          description: Timestamp when the configuration was created.
        updatedAt:
          type: string
          format: date-time
          description: Timestamp when the configuration was last updated.
        createdBy:
          $ref: '#/components/schemas/Ref'
        lastUpdatedBy:
          $ref: '#/components/schemas/Ref'
        description:
          type: string
          description: Human-readable description.
        metadata:
          type: string
          description: Arbitrary user-defined metadata.
        access:
          $ref: '#/components/schemas/AccessScope'
        router:
          $ref: '#/components/schemas/Router'
    AccessScope:
      type: object
      additionalProperties: false
      description: |
        Scope controlling which providers and models are reachable.
        Omit the entire object for allow-all. Each dimension is
        independently optional.
      properties:
        providers:
          allOf:
            - $ref: '#/components/schemas/AccessDimension'
          description: >-
            Provider scope. Entries are provider references (catalog providerId
            or user-defined providerId / aigp_… id).
        models:
          allOf:
            - $ref: '#/components/schemas/AccessDimension'
          description: >-
            Model scope. Entries are model ids (e.g. `openai:openai/gpt-4o`,
            `openai/gpt-4.1`).
    RouterWrite:
      type: object
      additionalProperties: false
      description: |
        Routing configuration. Omit to use defaults: built-in providers
        get an implicit ngrok step; user-defined providers fail until a
        rule with user keys exists.
      properties:
        rules:
          type: array
          items:
            $ref: '#/components/schemas/RouterRuleWrite'
    Ref:
      type: object
      additionalProperties: false
      required:
        - id
        - uri
      properties:
        id:
          type: string
          description: Resource identifier.
        uri:
          type: string
          description: URI for locating the resource.
    Router:
      type: object
      additionalProperties: false
      properties:
        rules:
          type: array
          items:
            $ref: '#/components/schemas/RouterRule'
    Error:
      type: object
      additionalProperties: false
      required:
        - statusCode
        - msg
        - details
      properties:
        errorCode:
          type: string
          description: Stable ngrok error code when available.
        statusCode:
          type: integer
          format: int32
          description: HTTP status code for this error.
        msg:
          type: string
          description: Human-readable error message.
        details:
          type: object
          description: Structured error details.
          additionalProperties:
            type: string
    AccessDimension:
      type: object
      additionalProperties: false
      properties:
        allow:
          type: array
          description: |
            Allowed entries (exact strings in MVP; no wildcards). Omit to
            impose no restriction on this dimension; empty array means
            nothing is allowed.
          items:
            type: string
    RouterRuleWrite:
      type: object
      additionalProperties: false
      required:
        - steps
      description: |
        A routing rule. Scope it by `provider`, `model`, or both.
        Model rules take precedence over provider rules for the same upstream.
      properties:
        provider:
          type: string
          description: |
            Provider reference for this rule. At most one provider rule per
            upstream in MVP.
        model:
          type: string
          description: |
            Provider-qualified model id (e.g. `openai:openai/gpt-5.5`).
            Open-provider ids (e.g. `openai/gpt-5.5`) are post-MVP.
        steps:
          type: array
          minItems: 1
          description: Fallback chain. Steps run in order.
          items:
            $ref: '#/components/schemas/RouterStepWrite'
    RouterRule:
      type: object
      additionalProperties: false
      required:
        - steps
      properties:
        provider:
          type: string
        model:
          type: string
        steps:
          type: array
          items:
            $ref: '#/components/schemas/RouterStep'
    RouterStepWrite:
      type: object
      additionalProperties: false
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - user
            - ngrok
          description: |
            Step type. `user` for BYOK credentials via /provider-keys;
            `ngrok` for ngrok-subsidized inference (built-in providers only).
        keys:
          type: array
          description: Provider keys for this step. Required when type is `user`.
          items:
            $ref: '#/components/schemas/RouterStepKeyWrite'
        keySelectionStrategy:
          type: string
          enum:
            - ordered
          description: >-
            How to select among `keys`. MVP supports `ordered` only (try keys in
            list order).
    RouterStep:
      type: object
      additionalProperties: false
      required:
        - type
      properties:
        type:
          type: string
          enum:
            - user
            - ngrok
        keys:
          type: array
          items:
            $ref: '#/components/schemas/RouterStepKey'
        keySelectionStrategy:
          type: string
          enum:
            - ordered
    RouterStepKeyWrite:
      type: object
      additionalProperties: false
      description: |
        Key attachment on write. Either attach an existing /provider-keys
        row by `id`, or inline-create a new key with `name` + `value`.
      properties:
        id:
          type: string
          description: ID of an existing /provider-keys row to attach.
        name:
          type: string
          maxLength: 255
          description: Label for a new inline-created key. Required with `value`.
        value:
          type: string
          description: >-
            Plaintext key value for inline create. Write-only; never returned on
            read.
    RouterStepKey:
      type: object
      additionalProperties: false
      required:
        - id
        - name
        - keyRedacted
      properties:
        id:
          type: string
          description: Provider key ID.
        name:
          type: string
          description: User-defined label.
        keyRedacted:
          type: string
          description: Redacted display form of the key value.
  responses:
    Error:
      description: API error response.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````