Skip to main content
PATCH
/
organizations
/
me
/
{org_id}
/
applications
/
{app_id}
cURL
curl -X PATCH "https://apx.didit.me/auth/v2/organizations/me/$ORG_ID/applications/$APP_ID/" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Production App",
    "website_url": "https://app.acme.example"
  }'
{
  "uuid": "b2c3d4e5-6789-01bc-defg-222222222222",
  "name": "Acme Production App",
  "client_id": "S9LIYGSoWNuGMLHsvEt9dQ",
  "api_key": "05mHcOWL8GathLZlz8oIDawYj9qFAcoSHtz-75PAkuo",
  "website_url": "https://app.acme.example",
  "redirect_uris": [
    "https://acme.example/callback"
  ],
  "terms_url": "https://acme.example/terms",
  "privacy_url": "https://acme.example/privacy",
  "description": null,
  "created_at": "2025-06-01T10:00:00Z"
}
Use this endpoint to keep each application aligned with the customer, brand, environment, or internal use case it represents. For resellers, this lets you rename or update each customer application without sharing credentials across customers. For direct customers, it helps separate products, regions, or environments while keeping everything under one organization.
This endpoint updates application metadata. The api_key stays the same unless you rotate credentials separately.

Authorizations

Authorization
string
header
required

RS256-signed JWT access_token returned by POST /programmatic/login/ or POST /programmatic/verify-email/. Send as Authorization: Bearer <access_token>. Default lifetime is 86400 seconds (24h). This token is only valid against the Account Management endpoints on apx.didit.me/auth/v2. The verification API (verification.didit.me/v3) uses the long-lived api_key as x-api-key instead.

Path Parameters

org_id
string<uuid>
required

UUID of the organization that owns the application.

Example:

"a1b2c3d4-5678-90ab-cdef-111111111111"

app_id
string<uuid>
required

UUID of the application to update.

Example:

"b2c3d4e5-6789-01bc-defg-222222222222"

Body

application/json

Send only the fields you want to change. PATCH semantics: missing fields are preserved.

PATCH body for application metadata. Send only the fields you want to change; omitted fields are preserved. uuid, client_id, and api_key cannot be updated.

name
string

Application display name.

Example:

"Acme Production App"

website_url
string

Website or app URL associated with this application.

Example:

"https://app.acme.example"

redirect_uris
string[]

Allowed redirect URIs for OAuth-style and verification redirect flows.

Example:
["https://acme.example/callback"]
terms_url
string

Terms of service URL shown in the verification flow.

privacy_url
string

Privacy policy URL shown in the verification flow.

description
string

Internal description for the application.

Response

Application updated. The response is the full application record after the change; uuid, client_id, and api_key are unchanged.

Full application record. uuid, client_id, and api_key never change after creation.

uuid
string<uuid>

Application UUID. Use as {app_id} in subsequent calls.

Example:

"b2c3d4e5-6789-01bc-defg-222222222222"

name
string

Application display name shown in the Didit console.

Example:

"Acme Production App"

client_id
string

Public client identifier, safe to embed in OAuth-style flows.

Example:

"S9LIYGSoWNuGMLHsvEt9dQ"

api_key
string

Long-lived secret (also called client_secret). Use as the x-api-key header for every call to https://verification.didit.me/v3/... (sessions, workflows, AML, etc.). Treat as a credential; never expose client-side.

Example:

"05mHcOWL8GathLZlz8oIDawYj9qFAcoSHtz-75PAkuo"

website_url
string | null

Website or app URL associated with this application.

Example:

"https://acme.example"

redirect_uris
string[]

Allowed redirect URIs for OAuth-style and verification redirect flows.

Example:
["https://acme.example/callback"]
terms_url
string | null

Terms of service URL shown in the verification flow.

Example:

"https://acme.example/terms"

privacy_url
string | null

Privacy policy URL shown in the verification flow.

Example:

"https://acme.example/privacy"

description
string | null

Internal description for the application (not shown to end users).

created_at
string<date-time>
Example:

"2025-06-01T10:00:00Z"