Required Permissions
Your root key must have one of the following permissions:api.*.update_key(to update keys in any API)api.<api_id>.update_key(to update keys in a specific API)
Side Effects
Invalidates the key cache for immediate effect, and makes role assignments available for verification within 30 seconds across all regions.Request
Specifies which key receives the additional roles using the database identifier returned from
createKey.Do not confuse this with the actual API key string that users include in requests.Added roles supplement existing roles and permissions without replacing them.Role assignments take effect immediately but may take up to 30 seconds to propagate across all regions.Pattern: ^[a-zA-Z0-9_]+$Example: key_2cGKbMxRyIzhCxo1Idjz8qAssigns additional roles to the key through direct assignment to existing workspace roles.Operations are idempotent - adding existing roles has no effect and causes no errors.All roles must already exist in the workspace - roles cannot be created automatically.Invalid roles cause the entire operation to fail atomically, ensuring consistent state.Pattern:
^[a-zA-Z][a-zA-Z0-9._-]*$Min items: 1Max items: 100Example: ["editor", "viewer"]Response
Complete list of all roles directly assigned to the key after the operation completes.The response includes:
- All roles now assigned to the key (both pre-existing and newly added)
- Both ID and name of each role for easy reference
- The response shows the complete current state after the addition
- An empty array means the key has no roles assigned (unlikely after an add operation)
- This only shows direct role assignments, not inherited or nested roles
- Role permissions are not expanded in this response - use keys.getKey for full details