Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.scute.io/llms.txt

Use this file to discover all available pages before exploring further.

Update authentication settings for an app.

Endpoint

PATCH /v1/apps/:app_id

Authentication

Send your workspace (or app-scoped) API secret as a Bearer token. 
Authorization: Bearer <api_secret_key>
Content-Type: application/json
The bearer must own the app:
  • Workspace key (scwor_…) — can manage any app in the workspace
  • App key (scapp_…) — can only manage its own app
Wrong scope returns 403 "API key not authorized for this app".

Body

Wrap fields in an app object. All fields are optional. send only what you want to change.

Token lifetimes

All values are in seconds.
FieldDefaultTypical rangeDescription
access_expiration360060 – 604800Access token TTL
refresh_expiration6048003600 – 31536000Refresh token TTL
magic_link_expiration200060 – 604800Magic link TTL
otp_expiration60030 – 3600OTP code TTL
session_timeout604800Session inactivity timeout
auto_refreshtrueboolAuto-refresh access tokens
refresh_payloadtrueboolInclude payload in refresh tokens

Other common fields

name, origin, additional_origins[], mfa_policy, mfa_methods_allowed[], email_required, phone_number_required, passkeys_enabled, email_auth_type (magic or otp), otp_length.

Example

curl -X PATCH https://api.scute.io/v1/apps/app_l3RxEBGbQq5Q0b6T6K6N \
  -H "Authorization: Bearer $SCUTE_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{
    "app": {
      "access_expiration": 7200,
      "refresh_expiration": 1209600
    }
  }'

Response — 200 OK

{
  "app": {
    "id": "app_l3RxEBGbQq5Q0b6T6K6N",
    "name": "...",
    "access_expiration": 7200,
    "refresh_expiration": 1209600,
    "magic_link_expiration": 2000,
    "otp_expiration": 600,
    "session_timeout": 604800,
    "auto_refresh": true,
    "...": "..."
  }
}
Changes take effect on the next token issued, existing tokens keep their original expiration until they expire naturally.

Errors

StatusWhen
401Missing or invalid API key
403API key isn’t authorized for this app (wrong workspace)
404App not found
422Validation error (e.g. malformed origin) — error message in error