Update a role

PATCH

/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/roles/{id}

Authentication

Bearer Token Authorization
JWT access token

Path Parameters

Name	Required	Type	Description
`id`	Required	`string`

Headers

if-match required
If-Match
Optimistic-lock version of the resource. Send the `version` field returned on read; the server rejects with 409 if the row has changed since.

Request body

namestring
Updated role name
descriptionstring
Updated role description
is_activeboolean
Whether the role is active

Code samples

cURL

JavaScript

Python

curl -X PATCH "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/roles/value" \
  -H "if-match: value" \
  -H "If-Match: value" \
  -H "Authorization: Bearer $CANOPY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "string",
    "description": "string",
    "is_active": false
  }'

const response = await fetch("https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/roles/value", {
  method: "PATCH",
  headers: {
    "if-match": "value",
    "If-Match": "value",
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    "name": "string",
    "description": "string",
    "is_active": false
  }),
});

const data = await response.json();

import requests

response = requests.patch(
    "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/roles/value",
    headers={
    "if-match": "value",
    "If-Match": "value",
    "Authorization": "Bearer $CANOPY_TOKEN",
    "Content-Type": "application/json"
    },
    json={
        "name": "string",
        "description": "string",
        "is_active": False,
    },
)

data = response.json()

package main

import (
	"bytes"
	"encoding/json"
	"net/http"
)

func main() {
	payload := map[string]interface{}{
		"name": "string",
		"description": "string",
		"is_active": false,
	}
	body, _ := json.Marshal(payload)

	req, _ := http.NewRequest("PATCH", "https://api.canopy.dev/portal/v1/accounts/{accountSlug}/applications/{appSlug}/environments/{envSlug}/roles/value", bytes.NewBuffer(body))
	req.Header.Set("if-match", "value")
	req.Header.Set("If-Match", "value")
	req.Header.Set("Authorization", "Bearer $CANOPY_TOKEN")
	req.Header.Set("Content-Type", "application/json")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

200 Role updated

{
  "id": "string",
  "application_id": "string",
  "name": "string",
  "description": "string",
  "is_system_role": false,
  "system_key": "string",
  "is_active": false,
  "created_at": "2026-04-20T12:00:00.000Z",
  "updated_at": "2026-04-20T12:00:00.000Z",
  "version": 0,
  "permission_count": 0
}

application/json

idstring*
application_idstring*
namestring*
descriptionstring
is_system_roleboolean*
system_keystring
is_activeboolean*
created_atstring (date-time)*
updated_atstring (date-time)*
versionnumber*
Optimistic-lock version. Send back as the `If-Match` header when updating to detect concurrent edits.
permission_countnumber
Number of permissions currently assigned to this role. Populated on list responses; omitted on single-role responses where the join isn't computed.

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

404 Role not found

409 Version mismatch — the resource was modified since the version supplied in If-Match. Refresh and retry.

Returned object

The RoleResponseDto object View all properties on this resource

On this page

GETList roles
POSTCreate a custom role
GETGet a role
DELETEDelete a role
GETGet permissions for a role
PUTReplace permissions on a role