Application Security Settings Update

Updates the stream security settings for an application.

Request

Property	Value
Method	`PATCH`
URL	`/api/applications/{appName}/settings/security`
Content-Type	`application/json`
Authentication	Bearer Token

Path Parameters

Parameter	Type	Required	Description
`appName`	string	Yes	Application name

Request Body

Parameter	Type	Required	Description
`data.attributes.tokenProtectionEnabled`	boolean	No	Enable token protection
`data.attributes.hashAlgorithm`	string	No	Hash algorithm for tokens
`data.attributes.tokenLifespan`	integer	No	Token lifespan in seconds
`data.attributes.secret`	string	No	Secret key for token signing
`data.attributes.domainAccessRights`	array	No	Domain access rules
`data.attributes.domainAccessRights[].type`	"allow" \| "deny"	Yes	Rule type
`data.attributes.domainAccessRights[].domain`	string	Yes	Domain pattern (`"*"` for all)

Example Request

{
  "data": {
    "attributes": {
      "tokenProtectionEnabled": true,
      "hashAlgorithm": "sha256",
      "tokenLifespan": 600,
      "secret": "viewer-secret",
      "domainAccessRights": [
        {
          "type": "deny",
          "domain": "*"
        },
        {
          "type": "allow",
          "domain": "myplatform.com"
        }
      ]
    }
  }
}

Example Request (Disable Token Protection)

{
  "data": {
    "attributes": {
      "tokenProtectionEnabled": false
    }
  }
}

Response

Status Codes

Code	Description
200	Success - Settings updated
400	Bad Request - Invalid parameters
401	Unauthorized - Invalid or missing token
404	Not Found - Application does not exist
429	Too Many Requests - Rate limit exceeded
500	Internal Server Error

Successful Response (200)

{
  "data": {
    "attributes": {
      "tokenProtectionEnabled": {
        "editable": true,
        "value": true
      },
      "hashAlgorithm": {
        "editable": true,
        "value": "sha256"
      },
      "tokenLifespan": {
        "editable": true,
        "value": 600
      },
      "secret": {
        "editable": true,
        "value": "viewer-secret"
      },
      "domainAccessRights": [
        {
          "type": {
            "editable": true,
            "value": "deny"
          },
          "domain": {
            "editable": true,
            "value": "*"
          }
        },
        {
          "type": {
            "editable": true,
            "value": "allow"
          },
          "domain": {
            "editable": true,
            "value": "myplatform.com"
          }
        }
      ]
    }
  },
  "meta": {
    "executionTime": 10,
    "generatedAt": 1766070953277
  },
  "message": "Security Settings have been updated"
}

Response Body

Security Settings

Parameter	Type	Description
`data.attributes.tokenProtectionEnabled.value`	boolean	Token protection enabled status
`data.attributes.tokenProtectionEnabled.editable`	boolean	Indicates if the field can be modified
`data.attributes.tokenProtectionEnabled.lockedBy`	string	Locked by environment variable (if present)
`data.attributes.hashAlgorithm.value`	string	Hash algorithm for tokens
`data.attributes.hashAlgorithm.editable`	boolean	Indicates if the field can be modified
`data.attributes.hashAlgorithm.lockedBy`	string	Locked by environment variable (if present)
`data.attributes.tokenLifespan.value`	integer	Token lifespan in seconds
`data.attributes.tokenLifespan.editable`	boolean	Indicates if the field can be modified
`data.attributes.tokenLifespan.lockedBy`	string	Locked by environment variable (if present)
`data.attributes.secret.value`	string	Secret key for token signing
`data.attributes.secret.editable`	boolean	Indicates if the field can be modified
`data.attributes.secret.lockedBy`	string	Locked by environment variable (if present)
`data.attributes.domainAccessRights`	array	Domain access rules
`data.attributes.domainAccessRights[].type.value`	"allow" \| "deny"	Rule type
`data.attributes.domainAccessRights[].type.editable`	boolean	Indicates if the field can be modified
`data.attributes.domainAccessRights[].domain.value`	string	Domain pattern
`data.attributes.domainAccessRights[].domain.editable`	boolean	Indicates if the field can be modified
`message`	string	Response status message

Metadata

Parameter	Type	Description
`meta.executionTime`	integer	Request processing time in milliseconds
`meta.generatedAt`	integer	Response generation timestamp (Unix timestamp in ms)

Error Responses

Application Not Found (404)

{
  "message": "Application not found"
}

Error Response Body

Parameter	Type	Description
`message`	string	Human-readable error message