Update an API key

Update a key's name, disabled state, or spend limit. Only the fields you send change.

Authentication

AuthorizationBearer

A management key (prefixed mgmt_), created in the dashboard under Settings, API keys, Management keys. Distinct from a regular gateway API key, and never used to call models.

Path parameters

key_hashstringRequired

The key’s hash from a create or list response.

Request

This endpoint expects an object.

namestring or nullOptional

New name for the key.

disabledboolean or nullOptional

Set true to disable the key, false to re-enable it.

limitdouble or nullOptional

New spend cap in USD.

limit_resetenumOptional

New reset window.

Response

The updated key.

hashstring

Stable identifier for the key. A one-way hash, not the secret, so it is safe to store and log. Use it in get, update, and delete calls.

labelstring

Display label (the key’s public prefix, e.g. mg_8Kx2pQ). Not the secret.

disabledboolean

Whether the key is disabled. A disabled key cannot call the gateway but is not deleted.

usagedouble

Spend in USD in the current reset window.

namestring or null

User-set name for the key.

limitdouble or null

Spend cap in USD over the reset window. Null means no cap.

limit_resetenum

Window the spend cap resets on. Resets at midnight UTC.

limit_remainingdouble or null

Remaining spend in USD before the cap. Null when no limit is set.

created_atdatetime or null

When the key was created.

Errors

400

Bad Request Error

401

Unauthorized Error

404

Not Found Error

$	curl -X PATCH https://gateway.merge.dev/v1/keys/key_hash \
>	-H "Authorization: Bearer <token>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"disabled": true,
>	"limit": 100
>	}'

1	{
2	"hash": "a1b2c3d4e5f6",
3	"label": "mg_8Kx2pQ",
4	"disabled": true,
5	"usage": 12.4,
6	"name": "customer-acme",
7	"limit": 100,
8	"limit_reset": "monthly",
9	"limit_remaining": 87.6,
10	"created_at": "2026-06-02T17:04:00Z"
11	}