Update an assignment

PATCH

/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/assignments/{id}

Authentication

Bearer Token Authorization
JWT access token

Path Parameters

Name	Required	Type	Description
`id`	Required	`string`

Request body

role_idstring*
effective_fromstring
effective_tostring

Code samples

cURL

JavaScript

Python

curl -X PATCH "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/assignments/value" \
  -H "Authorization: Bearer $CANOPY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role_id": "string",
    "effective_from": "string",
    "effective_to": "string"
  }'

const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/assignments/value", {
  method: "PATCH",
  headers: {
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "role_id": "string",
    "effective_from": "string",
    "effective_to": "string"
  }),
});

const data = await response.json();

import requests

response = requests.patch(
    "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/assignments/value",
    headers={
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
    },
    json={
        "role_id": "string",
        "effective_from": "string",
        "effective_to": "string",
    },
)

data = response.json()

package main

import (
	"bytes"
	"encoding/json"
	"net/http"
)

func main() {
	payload := map[string]interface{}{
		"role_id": "string",
		"effective_from": "string",
		"effective_to": "string",
	}
	body, _ := json.Marshal(payload)

	req, _ := http.NewRequest("PATCH", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/assignments/value", bytes.NewBuffer(body))
	req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
	req.Header.Set("Content-Type", "application/json")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

200 Assignment updated

{
  "id": "string",
  "identity_id": "string",
  "application_node_id": "string",
  "role_id": "string",
  "effective_from": "2026-04-20T12:00:00.000Z",
  "effective_to": "2026-04-20T12:00:00.000Z",
  "created_at": "2026-04-20T12:00:00.000Z",
  "updated_at": "2026-04-20T12:00:00.000Z"
}

application/json

idstring*
identity_idstring*
application_node_idstring*
role_idstring*
effective_fromstring (date-time)
effective_tostring (date-time)
created_atstring (date-time)*
updated_atstring (date-time)*

400 System roles cannot be assigned to identities — they are reserved for platform administration

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

404 Assignment not found

Returned object

The AssignmentResponseDto object View all properties on this resource

On this page

GETList all assignments across the Application
GETGet App-wide assignment summary
POSTAssign a role to an identity at a node
DELETERemove an assignment
POSTBulk remove assignments
POSTBulk change role on assignments
POSTBulk-create role assignments. All-or-nothing: any failure rolls back the entire batch