Skip to main content
PUT
/
api
/
token
curl -X PUT https://api.cometapi.com/api/token/ \
  -H "Authorization: your-access-token" \
  -H "Content-Type: application/json" \
  -d '{
    "id": 1234,
    "name": "production-renamed",
    "status": 1,
    "expired_time": -1,
    "remain_quota": 100000,
    "unlimited_quota": false,
    "model_limits_enabled": false,
    "model_limits": "",
    "allow_ips": null,
    "group": "",
    "cross_group_retry": false
  }'
{
  "success": true,
  "message": "",
  "data": {
    "id": 1234,
    "user_id": 5678,
    "key": "<COMETAPI_KEY>",
    "status": 1,
    "name": "production-renamed",
    "created_time": 1766102400,
    "accessed_time": 1766102400,
    "expired_time": -1,
    "remain_quota": 100000,
    "unlimited_quota": false,
    "model_limits_enabled": false,
    "model_limits": "",
    "allow_ips": null,
    "used_quota": 0,
    "group": "",
    "cross_group_retry": false
  }
}

Documentation Index

Fetch the complete documentation index at: https://apidoc.cometapi.com/llms.txt

Use this file to discover all available pages before exploring further.

Use this endpoint to update an API key’s name, status, quota, expiration, model restrictions, IP allowlist, and group settings.
Generate a personal access token at Console → Personal Settings, then send it as the raw Authorization header value. Do not prefix it with Bearer.
This endpoint uses PUT /api/token/, and the id belongs in the JSON body. Send the editable fields you want to preserve; omitted numeric, boolean, or string fields can be reset by the update.

Request body

FieldTypeDescription
idintegerRequired. API key ID returned by List API keys.
namestringUser-readable display name for the key. Must be 50 characters or fewer.
statusintegerOperational status. 1 enables the key for model requests. 2 disables it. 3 marks it expired. 4 marks it quota exhausted. Disabled, expired, or exhausted keys are rejected by model endpoints.
expired_timeintegerUnix timestamp in seconds when the key expires. Use -1 for no expiration. A past timestamp blocks model requests.
remain_quotaintegerRemaining quota in CometAPI internal quota units. If this reaches 0 and unlimited_quota is false, model requests with this key are rejected as quota exhausted.
unlimited_quotabooleanWhether the key bypasses remaining-quota checks. Set true only when the key should keep working even if remain_quota is 0.
model_limits_enabledbooleanWhether to restrict this key to specific models. When false, model_limits is ignored.
model_limitsstringComma-separated model IDs allowed by this key when model_limits_enabled is true. Use model IDs returned by /v1/models; use an empty string for no model restriction.
allow_ipsstring or nullOptional IP allowlist. Provide one JSON string with entries separated by newline characters (\n). Each entry can be a single IPv4 address, single IPv6 address, IPv4 CIDR, or IPv6 CIDR. Use null or "" to disable IP restrictions.
groupstringOptional account group restriction. Use an empty string for no explicit group. Non-empty values must be available to the account, or the API returns success: false.
cross_group_retrybooleanWhether cross-group retry is enabled for automatic group routing. This is only meaningful when the key uses an auto-routed group.

Allowlist format

To allow multiple IPs or CIDR ranges, send them as one JSON string with \n between entries: 
{
  "allow_ips": "198.51.100.10\n203.0.113.0/24\n2001:db8::/32"
}
This example allows one IPv4 address, one IPv4 CIDR range, and one IPv6 CIDR range.

Authorizations

Authorization
string
header
required

Personal access token copied from CometAPI Console > Personal Settings. Send the raw token value; do not prefix it with Bearer.

Body

application/json
id
integer
required

Numeric API key ID returned by the list endpoint. For updates, send this value in the JSON body, not in the URL.

Example:

1234

name
string

User-readable display name for the API key. The backend accepts up to 50 Unicode characters; longer names return success: false with token name is too long.

Maximum string length: 50
Example:

"production"

status
enum<integer>

Operational status for the key. 1 enables the key for model requests, 2 disables it, 3 marks it expired, and 4 marks it quota exhausted. Disabled, expired, or exhausted keys are rejected by model endpoints.

Available options:
1,
2,
3,
4
Example:

1

expired_time
integer

Unix timestamp in seconds when the key expires. Use -1 for no expiration. A past timestamp blocks model requests with this key.

Example:

-1

remain_quota
integer

Remaining quota to assign to the key in CometAPI internal quota units. If this reaches 0 while unlimited_quota is false, model requests with this key are rejected as quota exhausted.

Example:

100000

unlimited_quota
boolean

Whether the key bypasses remaining-quota checks. Set true only when the key should keep working even if remain_quota is 0.

Example:

false

model_limits_enabled
boolean

Whether to restrict this key to specific models. When true, only model IDs listed in model_limits are allowed. When false, model_limits is ignored.

Example:

false

model_limits
string

Comma-separated model IDs allowed by this key when model_limits_enabled is true. Use model IDs returned by /v1/models, for example <model-id-1>,<model-id-2>. Use an empty string for no model restriction.

Example:

""

allow_ips
string | null

Optional IP allowlist. Provide one JSON string with entries separated by newline characters (\n). Each entry can be a single IPv4 address, single IPv6 address, IPv4 CIDR, or IPv6 CIDR. Example for three allowlist entries: 198.51.100.10\n203.0.113.0/24\n2001:db8::/32. CometAPI compares the model request client IP to this list. Use null or "" to disable IP restrictions.

Example:

"198.51.100.10\n203.0.113.0/24\n2001:db8::/32"

group
string

Optional account group restriction. Use an empty string for no explicit group restriction. Non-empty values must be available to the account, or the API returns success: false with a no access to group message.

Example:

""

cross_group_retry
boolean

Whether cross-group retry is enabled for automatic group routing. This is only meaningful when the key uses an auto-routed group such as auto.

Example:

false

Response

200 - application/json

Updated API key record.

success
boolean
required
message
string
required
data
object
required