Update an injectable

Use this endpoint to update an existing injectable under a project. This supports both:

  • Text-based injectables (e.g. snippet, html, script, etc.) via a content field

  • File-based injectables (type=file) via a file upload

Important: DevPayr stores injectable payloads securely. When you update the content or file, DevPayr will re-generate the encrypted payload and the integrity fields (content_hash, signature) so your SDK (or your own client) can validate it later.

Endpoint

PUT /v1/project/{project}/injectables/{injectable}

Authentication

Requires an API key:

  • Header: X-API-KEY: <your_api_key>

Request format

Content-Type: multipart/form-data

You can update one field or many fields in one request — only the fields you provide will be updated.

Request body fields

Field
Type
Required
Description

title

string

No

Human-readable name of the injectable.

slug

string

No

Unique identifier within the same project.

type

string

No*

Injectable type (e.g. snippet, html, script, file, etc.). If you provide type, it must be valid.

mode

string

No*

How the SDK should apply the injectable (e.g. inject, write, replace, etc.). If you provide mode, it must be valid.

target_path

string

No

Where the SDK should apply the payload (e.g. resources/js/checkout.js or public/assets/).

validate_endpoint

url

No

Optional endpoint the SDK can call to validate delivery conditions.

secret

string

No**

Encryption secret used to secure the payload. Required if you are updating content, uploading file, or switching to type=file.

content

string

No***

Plain content to encrypt and store (only used when the injectable is not a file-type update).

file

file

No***

Binary upload (required when type=file and you are switching to file-type, or when replacing the existing file).

only_if_paid

boolean

No

If true, SDK should apply this injectable only when the project/license is marked paid.

is_active

boolean

No

Enable/disable this injectable.

* Only required if you send them. ** Required in specific cases (see rules below). *** content and file are mutually exclusive in one request.

Update rules you should know

1) Updating content (non-file types)

If the injectable is not file-based, update the payload using:

  • content + secret

2) Updating a file injectable

If the injectable is file-based (type=file), you can:

  • Upload a new file (recommended when replacing the file)

  • Keep the same file and only update metadata (e.g. title, target_path, is_active, etc.)

3) Switching to type=file

If you change the injectable to type=file, you must upload file in the same request.

4) Rotating secrets

If you provide a new secret, DevPayr will treat it as the new encryption secret going forward. That means:

  • future payloads retrieved will require that new secret to decrypt successfully

  • integrity fields will match the new encrypted payload

Example requests

Errors

Status
When it happens

403

API key does not have access to the project, or injectable is outside that project.

404

Injectable not found (or doesn’t belong to the given project).

422

Validation error (invalid type/mode, missing secret when required, missing file when switching to file type, etc.).

PreviousCreate an injectableNextStream an injectable

Last updated