> ## Documentation Index
> Fetch the complete documentation index at: https://docs.deribit.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.deribit.com/feedback
```json
{
"path": "/api-reference/account-management/private-change_scope_in_api_key",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# private/change_scope_in_api_key
> Updates the scope (permissions) for an existing API key. The scope determines which operations the API key can perform (e.g., read-only, read-write, trading, etc.).
When the scope is changed, the API key immediately loses access to operations outside the new scope. Applications using this key may need to be updated to reflect the new permissions.
**[TFA required](https://docs.deribit.com/articles/security-keys)**
**📖 Related Articles:**
- [Creating new API key on Deribit](https://docs.deribit.com/articles/creating-api-key)
- [Access Scope](https://docs.deribit.com/articles/access-scope)
**Scope:** `account:read_write`
[Try in API console](https://test.deribit.com/api_console?method=%2Fprivate%2Fchange_scope_in_api_key)
## OpenAPI
````yaml /specifications/deribit_openapi.json get /private/change_scope_in_api_key
openapi: 3.0.0
info:
title: Deribit API
version: 2.1.1
servers:
- url: https://test.deribit.com/api/v2
security: []
tags:
- name: WebSocket Only
description: Can only be used over websockets.
- name: Public
description: Public methods can be used without authentication.
- name: Private
description: >-
Private methods require authentication. All requests must include a
valid OAuth2 token.
A token can be requested using the /public/auth method.
When using the websockets protocol, the token must be included as a
parameter access_token in the message. When using REST (HTTP
GET), the token may also be passed in the Authorization
header.
- name: Authentication
- name: Session Management
- name: Subscription Management
description: >-
Subscription works as [notifications](#notifications), so users will
automatically (after subscribing) receive messages from the server.
Overview for each channel response format is described in
[subscriptions](#subscriptions) section.
- name: Account Management
- name: Trading
- name: Market Data
- name: Wallet
- name: Chat
paths:
/private/change_scope_in_api_key:
get:
tags:
- Account Management
- Private
description: >+
Updates the scope (permissions) for an existing API key. The scope
determines which operations the API key can perform (e.g., read-only,
read-write, trading, etc.).
When the scope is changed, the API key immediately loses access to
operations outside the new scope. Applications using this key may need
to be updated to reflect the new permissions.
**[TFA required](https://docs.deribit.com/articles/security-keys)**
**📖 Related Articles:**
- [Creating new API key on
Deribit](https://docs.deribit.com/articles/creating-api-key)
- [Access Scope](https://docs.deribit.com/articles/access-scope)
**Scope:** `account:read_write`
[Try in API
console](https://test.deribit.com/api_console?method=%2Fprivate%2Fchange_scope_in_api_key)
parameters:
- name: max_scope
in: query
required: true
schema:
$ref: '#/components/schemas/max_scope'
description: >
Describes maximal access for tokens generated with given key. If
scope is not provided, its value is set as none.
**📖 Related Article:** [Access
Scope](https://docs.deribit.com/articles/access-scope)
- name: id
in: query
required: true
schema:
type: integer
example: 1
description: API key ID
requestBody:
content:
application/json:
examples:
request:
value:
jsonrpc: '2.0'
id: 2453
method: private/change_scope_in_api_key
params:
max_scope: >-
account:read_write wallet:read_write block_trade:read
trade:read_write
id: 3
description: JSON-RPC Request Example
description: JSON-RPC request body
responses:
'200':
$ref: '#/components/responses/PrivateApiKeyResponse'
components:
schemas:
max_scope:
items:
type: string
example:
- account:read
- trade:read
- block_trade:read_write
- wallet:none
type: array
description: >
Describes maximal access for tokens generated with given key. If scope
is not provided, its value is set as none.
**📖 Related Article:** [Access
Scope](https://docs.deribit.com/articles/access-scope)
PrivateApiKeyResponse:
properties:
jsonrpc:
type: string
enum:
- '2.0'
description: The JSON-RPC version (2.0)
id:
type: integer
description: The id that was sent in the request
result:
$ref: '#/components/schemas/api_key'
required:
- jsonrpc
- result
type: object
api_key:
properties:
id:
$ref: '#/components/schemas/key_id'
timestamp:
$ref: '#/components/schemas/timestamp'
client_id:
$ref: '#/components/schemas/client_id'
client_secret:
$ref: '#/components/schemas/client_secret'
public_key:
$ref: '#/components/schemas/public_key'
max_scope:
$ref: '#/components/schemas/max_scope'
enabled:
$ref: '#/components/schemas/api_key_enabled'
default:
$ref: '#/components/schemas/api_key_default'
name:
$ref: '#/components/schemas/api_key_name'
enabled_features:
$ref: '#/components/schemas/api_key_features'
ip_whitelist:
type: array
description: List of IP addresses whitelisted for a selected key
required:
- id
- timestamp
- client_id
- client_secret
- max_scope
- default
type: object
key_id:
example: 1
type: integer
description: Key identifier
timestamp:
example: 1536569522277
type: integer
description: The timestamp (milliseconds since the Unix epoch)
client_id:
example: IY2D68DS
type: string
description: Client identifier used for authentication
client_secret:
example: P9Z_c73KaBPwpoTVfsXzehAhjhdJn5kM7Zlz_hhDhE8
type: string
description: Client secret or MD5 fingerprint of public key used for authentication
public_key:
example: >-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEApajFN0CSwIaaiIRPiFbiYYvpsLQLSccSLLsKPe984sc= -----END
PUBLIC KEY-----
type: string
description: >-
PEM encoded public key (Ed25519/RSA) used for asymmetric signatures
(optional)
api_key_enabled:
example: true
type: boolean
description: Informs whether api key is enabled and can be used for authentication
api_key_default:
example: false
type: boolean
description: >-
Informs whether this api key is default (field is deprecated and will be
removed in the future)
api_key_name:
example: TestName
type: string
description: Api key name that can be displayed in transaction log
api_key_features:
items:
type: string
type: array
description: >-
List of enabled advanced on-key features.
Available
options:
- restricted_block_trades: Limit the
block_trade read the scope of the API key to block trades that have been
made using this specific API key
- block_trade_approval:
Block trades created using this API key require additional user
approval. Methods that use block_rfq scope are not affected
by Block Trade approval feature
responses:
PrivateApiKeyResponse:
content:
application/json:
schema:
$ref: '#/components/schemas/PrivateApiKeyResponse'
examples:
response:
value:
jsonrpc: '2.0'
id: 2453
result:
timestamp: 1560242482758
max_scope: >-
account:read_write block_trade:read trade:read_write
wallet:read_write
id: 3
enabled: true
default: false
client_secret: B6RsF9rrLY5ezEGBQkyLlV-UC7whyPJ34BMA-kKYpes
client_id: 1sXMQBhM
name: NewKeyName
description: Response example
description: Success response
````