Skip to main content
PATCH
Update an app.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

id
string
required

App ID

Body

application/json
allowed_emails
string[] | null
custom_domain
string | null

Custom domain (e.g. "api.example.com"). Set to empty string or null to remove.

description
string | null
metadata
any
name
string | null
port
integer<int32> | null
Required range: x >= 0
status
string | null

Toggle status: "active" or "inactive"

swap_subdomain_with
string | null

Atomically swap this app's subdomain with another app in the same workspace. Both apps trade name (and therefore Caddy subdomain) in a single DB transaction + a single Caddy resync pass. Mutually exclusive with every other field on this body — combining them returns 400.

The two apps must satisfy a blue-green sibling relationship (other.name == "{app.name}-<suffix>" or vice versa), share the same (user_id, workspace_id), agree on visibility and allowed_emails, and neither may have a custom domain attached. See the security checklist in the swap handler for full rejection conditions.

visibility
null | enum<string>
Available options:
private,
public,
privileged

Response

App updated

app
object
required

OpenAPI-facing mirror of the canonical app payload.

Response types can keep serializing rig_data_store::models::App while pointing schema generation at this local mirror to avoid cross-crate derive coupling in utoipa.