Update a project

Update an existing project using an API key.

This endpoint supports partial updates — only fields you send will be updated.

Endpoint

PATCH /project/{project}

Full URL:

https://api.devpayr.dev/api/v1/project/{project}

Authentication

✅ Required: API Key

Send your API key using:

X-API-KEY: <your_api_key>

Path Parameters

Parameter	Type	Required	Description
project	integer	Yes	The ID of the project to update.

---

Authorization Rules

DevPayr validates that:

• the project exists, and

• the API key belongs to the same owner as the project.

If you are not allowed to update the project, the request is blocked at the authorization layer.

Error (403)

{ "message": "You are not allowed to update this project." }

Note: The controller also includes additional checks for project-scoped keys. If your key is scoped to a different project, it will be rejected.

Request Body

Send a JSON body containing only the fields you want to update.

All fields are optional, but each field uses sometimes, meaning:

• If the field is present, it must pass validation.

• If the field is omitted, it is ignored.

Updatable Fields

Field	Type	Required	Description
name	string	No	Project name (max 255).
slug	string	No	Project slug (alpha-dash, max 255, must be unique).
description	string	No	Project description (max 1000).
default_redirect_url	string (url)	No	Redirect URL used by your app/SDK for blocked or expired licenses.
webhook_url	string (url)	No	Webhook destination (if webhooks are enabled for the account).
logo_url	string (url)	No	Project logo URL.
webhook_secret	string	No	Webhook secret (max 255).
meta	object	No	Metadata object (must be a valid JSON object).
has_paid	boolean	No	Payment enforcement flag.

Meta Field Notes

meta must be an object.

✅ Valid:

{
  "meta": {
    "sdk_version": "1.3.2",
    "channel": "web"
  }
}

Also supported: sending meta as a JSON string — DevPayr attempts to decode it before validation.

Custom validation message

{ "message": "SDK metadata must be a valid object." }

Example Request

curl -X PATCH "https://api.devpayr.dev/api/v1/project/4" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -d '{
    "description": "This project handles SDK telemetry",
    "meta": {
      "sdk_version": "1.3.2",
      "channel": "web"
    }
  }'

Response

Success (200)

DevPayr returns the updated project wrapped in the standard response envelope.

Example Response

{
  "status": "success",
  "message": "Project has been successfully updated.",
  "data": {
    "id": 4,
    "name": "My Dev SDK",
    "slug": "my-dev-sdk",
    "description": "This project handles SDK telemetry",
    "default_redirect_url": "https://myapp.com/expired",
    "webhook_url": "https://myapp.com/webhook",
    "logo_url": "https://myapp.com/logo.png",
    "meta": {
      "sdk_version": "1.3.2",
      "channel": "web"
    },
    "is_active": true,
    "created_at": "2025-12-13T11:26:53.000000Z",
    "updated_at": "2025-12-13T11:33:02.000000Z"
  },
  "errors": null
}

Caching Behavior

This endpoint uses caching to prevent repeated identical updates.

• Cache TTL: 60 minutes

• Cache key includes:

  • API key ID

  • project ID

  • the validated request payload

If the same API key submits the same update payload again within the TTL window, DevPayr may return the cached response.

Validation Errors (422)

If validation fails, DevPayr returns a 422 response.

Common validation cases:

• slug is already in use

• URL fields are invalid (default_redirect_url, webhook_url, logo_url)

• meta is not a valid object

• has_paid is not a boolean

• webhook_secret exceeds 255 characters

Notable custom validation messages

Slug already in use:

{ "message": "This project slug is already in use." }

Meta must be object:

{ "message": "SDK metadata must be a valid object." }

Webhook secret too long:

{ "message": "Webhook secret must not exceed 255 characters." }

The full 422 response includes an errors object with field-level messages.

Errors

Missing API Key (401)

{ "message": "Missing required X-API-KEY header." }

Invalid / Expired API Key (403)

{ "message": "Invalid or expired API key." }

Unauthorized (403)

{ "message": "You are not allowed to update this project." }

Project Not Found (404)

{ "message": "Resource not found." }

Rate Limited (429)

{ "message": "Rate limit exceeded (X requests/min). Please slow down." }