Skip to content
API Enriched

Replace Authentication.

PUT
/api/config/namespaces/{metadata.namespace}/authentications/{metadata.name}
curl --request PUT \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/authentications/example \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "cookie_params": { "auth_hmac": { "prim_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "prim_key_expiry": "2026-04-15T12:00:00Z", "sec_key": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "sec_key_expiry": "2026-04-15T12:00:00Z" }, "cookie_expiry": 1, "cookie_refresh_interval": 1, "kms_key_hmac": {}, "session_expiry": 1 }, "oidc_auth": { "client_secret": { "blindfold_secret_info": { "decryption_provider": "example", "location": "example", "store_provider": "example" }, "clear_secret_info": { "provider": "example", "url": "https://example.com" } }, "oidc_auth_params": { "auth_endpoint_url": "example", "end_session_endpoint_url": "example", "token_endpoint_url": "example" }, "oidc_client_id": "example", "oidc_well_known_config_url": "example" } } }'

Replace authentications.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
metadata.namespace
required
string

Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

metadata.name
required
string

Name The configuration object to be replaced will be looked up by name.

Request Bodyrequired

Section titled “Request Bodyrequired”
Media typeapplication/json
ReplaceRequest is used to replace contents of a authentication

This is the input message of the ‘Replace’ RPC.

object
metadata
object
annotations
annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object
description
description

Human readable description for the object.

string
>= 21 characters <= 1200 characters
disable
disable

A value of true will administratively disable the object.

boolean format: boolean
labels
labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object
name
name

This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.

string
>= 6 characters <= 1024 characters
namespace
namespace

This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""

string
>= 6 characters <= 1024 characters
spec
object
cookie_params
object
auth_hmac
object
prim_key
object
blindfold_secret_info
object
decryption_provider
Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string
<= 1024 characters
location
Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string
>= 4 characters <= 1024 characters
store_provider
Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
<= 1024 characters
clear_secret_info
object
provider
Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
>= 3 characters <= 1024 characters
url
URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri
<= 131072 characters
prim_key_expiry
HMAC Primary Key Expiry Time

Primary HMAC Key Expiry time

Required: YES.

string format: date-time
<= 1024 characters
sec_key
object
blindfold_secret_info
object
decryption_provider
Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string
<= 1024 characters
location
Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string
>= 4 characters <= 1024 characters
store_provider
Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
<= 1024 characters
clear_secret_info
object
provider
Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
>= 3 characters <= 1024 characters
url
URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri
<= 131072 characters
sec_key_expiry
HMAC Secondary Key Expiry Time

Secondary HMAC Key Expiry time

Required: YES.

string format: date-time
<= 1024 characters
cookie_expiry
cookie expiry

Specifies in seconds max duration of the allocated cookie. This maps to “Max-Age” attribute in the session cookie. This will act as an expiry duration on the client side after which client will not be setting the cookie as part of the request. Default cookie expiry is 3600 seconds.

integer format: int64
cookie_refresh_interval
cookie refresh interval

Specifies in seconds refresh interval for session cookie. This is used to keep the active user active and reduce RE-login. When an incoming cookie’s session expiry is still valid, and time to expire falls behind this interval, RE-issue a cookie with new expiry and with the same original session expiry. Default refresh interval is 3000 seconds.

integer format: int64
kms_key_hmac
object
session_expiry
session expiry

Specifies in seconds max lifetime of an authenticated session after which the user will be forced to login again. Default session expiry is 86400 seconds(24 hours).

integer format: int64
oidc_auth
object
client_secret
object
blindfold_secret_info
object
decryption_provider
Decryption Provider

Name of the Secret Management Access object that contains information about the backend Secret Management service.

string
<= 1024 characters
location
Location

Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location Required: YES.

string
>= 4 characters <= 1024 characters
store_provider
Store Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
<= 1024 characters
clear_secret_info
object
provider
Provider

Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///.

string
>= 3 characters <= 1024 characters
url
URL

URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded Base64 format. When asked for this secret, caller will GET Secret bytes after Base64 decoding. Required: YES.

string format: uri
<= 131072 characters
oidc_auth_params
object
auth_endpoint_url
Authorization Endpoint

URL of the authorization server’s authorization endpoint. Required: YES.

string
>= 1 characters <= 128 characters
end_session_endpoint_url
Logout Endpoint

URL of the authorization server’s Logout endpoint. Required: YES.

string
>= 1 characters <= 128 characters
token_endpoint_url
Token Endpoint

URL of the authorization server’s Token endpoint. Required: YES.

string
>= 1 characters <= 128 characters
oidc_client_id
OIDC Client ID

Client ID used while sending the Authorization Request to OIDC server Required: YES.

string
>= 1 characters <= 256 characters
oidc_well_known_config_url
OIDC Config URL

Exclusive with [oidc_auth_params] An OIDC well-known configuration URL that will be used to fetch authentication related endpoints.

string
>= 1 characters <= 128 characters
Examplegenerated
{
  "metadata": {
    "annotations": {},
    "description": "example",
    "disable": true,
    "labels": {},
    "name": "example",
    "namespace": "example"
  },
  "spec": {
    "cookie_params": {
      "auth_hmac": {
        "prim_key": {
          "blindfold_secret_info": {
            "decryption_provider": "example",
            "location": "example",
            "store_provider": "example"
          },
          "clear_secret_info": {
            "provider": "example",
            "url": "https://example.com"
          }
        },
        "prim_key_expiry": "2026-04-15T12:00:00Z",
        "sec_key": {
          "blindfold_secret_info": {
            "decryption_provider": "example",
            "location": "example",
            "store_provider": "example"
          },
          "clear_secret_info": {
            "provider": "example",
            "url": "https://example.com"
          }
        },
        "sec_key_expiry": "2026-04-15T12:00:00Z"
      },
      "cookie_expiry": 1,
      "cookie_refresh_interval": 1,
      "kms_key_hmac": {},
      "session_expiry": 1
    },
    "oidc_auth": {
      "client_secret": {
        "blindfold_secret_info": {
          "decryption_provider": "example",
          "location": "example",
          "store_provider": "example"
        },
        "clear_secret_info": {
          "provider": "example",
          "url": "https://example.com"
        }
      },
      "oidc_auth_params": {
        "auth_endpoint_url": "example",
        "end_session_endpoint_url": "example",
        "token_endpoint_url": "example"
      },
      "oidc_client_id": "example",
      "oidc_well_known_config_url": "example"
    }
  }
}

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
object
Examplegenerated
{}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example