PUT /api/v2/vaults/{vault_id}/token
Rotate the token
curl --request PUT \
  --url https://agp.eu.hcompany.ai/api/v2/vaults/{vault_id}/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "token": "<string>"
}
'
Replaces the service account token stored for a vault config. The new token is health-checked against the provider before it is written, so a token that cannot reach op_vault_id is rejected and the old one stays in place. Returns 204 No Content on success.
The request body carries a plaintext service account token. Send it only over HTTPS, never log it, and note that rotation is not idempotent: a retry after a 5xx may apply twice.

Path parameters

vault_id (string, required)
The vault config’s id (UUID).

Request body

token (string, required)
The new 1Password service account token. Write-only and never returned.

Examples

curl -X PUT https://agp.eu.hcompany.ai/api/v2/vaults/f47ac10b-58cc-4372-a567-0e02b2c3d479/token \
  -H "Authorization: Bearer $HAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"token": "ops_newtoken..."}'
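
A wrapper that applies the handling rules stated above (HTTPS only, token kept out of argv and logs, no automatic retry when the outcome is ambiguous), as an added example and not H Company's code. The function names, the allowed secret character set and the treatment of curl's 000 status are assumptions; the URL and `HAI_API_KEY` come from this page.

```shell
# Added example: rotate a vault token without exposing secrets in argv or logs.
LC_ALL=C
API_BASE="https://agp.eu.hcompany.ai/api/v2"   # host and path from this page

# Assumption: secrets use only base64/base64url characters plus "_" and ".",
# so they never need escaping inside JSON or a curl config file.
is_plain() { case "$1" in ''|*[!A-Za-z0-9_.=+/-]*) return 1 ;; esac; }

# curl config (fed on stdin via --config -) carrying both secrets.
# printf is a shell builtin, so neither value appears in a process list.
curl_config() {  # $1 = API key, $2 = new service account token
  is_plain "$1" && is_plain "$2" || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$1"
  printf 'header = "Content-Type: application/json"\n'
  printf 'data = "{\\"token\\": \\"%s\\"}"\n' "$2"
}

# Map the HTTP status to the next step. 5xx is ambiguous because rotation is
# not idempotent; curl reports 000 when no response arrived, treated the same.
rotation_outcome() {
  case "$1" in
    204) echo rotated ;;
    422) echo rejected-old-token-kept ;;
    404) echo not-found-or-no-access ;;
    5??|000) echo unknown-do-not-retry ;;
    *) echo "unexpected-$1" ;;
  esac
}

# Usage: rotate_vault_token <vault_id> < file_with_new_token
rotate_vault_token() {
  vault_id=$1
  case "$vault_id" in *[!0-9a-fA-F-]*|'') echo "bad vault id" >&2; return 2 ;; esac
  IFS= read -r new_token || [ -n "$new_token" ]
  cfg=$(curl_config "${HAI_API_KEY:-}" "$new_token") || {
    echo "refusing: empty or unexpected characters in a secret" >&2; return 2; }
  code=$(printf '%s\n' "$cfg" | curl --silent --output /dev/null \
    --write-out '%{http_code}' --proto '=https' --max-time 30 \
    --request PUT --config - "$API_BASE/vaults/$vault_id/token")
  unset cfg new_token
  outcome=$(rotation_outcome "$code")
  echo "vault $vault_id: HTTP $code -> $outcome" >&2   # status only, no secrets
  [ "$outcome" = rotated ]
}
```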

Errors

Status  Cause
404     Vault not found or you don’t have access.
422     The provider rejected the new token. The stored token is unchanged.