> ## Documentation Index > Fetch the complete documentation index at: https://docs.myproceeds.xyz/llms.txt > Use this file to discover all available pages before exploring further. # Update a service > Partial update. Only provided fields are modified. ## OpenAPI ````yaml /openapi.yaml patch /v1/services/{id} openapi: 3.0.3 info: title: myproceeds API version: 1.1.0 description: | Public REST API for the myproceeds (x402) commerce platform. Tenants use this API to programmatically manage their Services and Paywalls. Authentication is via API keys generated from the dashboard. ## Authentication Send the API key in one of two ways: Authorization: Bearer mpk_<64 hex chars> X-Api-Key: mpk_<64 hex chars> Key format: `mpk_` prefix followed by 64 lowercase hex characters (32 random bytes). The raw key is only shown once at creation and cannot be recovered later. ## Scopes Each key carries a set of scopes that determine which endpoints it can call: - `services:read` — read services - `services:write` — create/update/delete services (implies read) - `paywalls:read` — read paywalls - `paywalls:write` — create/update/delete paywalls (implies read) - `transactions:read` — read payment transactions - `events:read` — read analytics events Use `GET /v1/me` to validate a key and inspect the tenant and scopes it carries. ## Secret handling Secret material — service `authConfig` values and paywall custom header values — is always masked as `"***"` in API responses. Field names (keys) are returned so you can see what is configured; the plaintext values are never exposed by the public API. ## Rate limits Each API key may make up to 1000 requests per 60-second window. When exceeded the API responds with `429 Too Many Requests` and a `Retry-After` header indicating seconds to wait. ## Response envelope Successful responses return: { "data": ..., "meta": { "requestId": "...", "timestamp": "..." } } Lists additionally include `meta.pagination`: { "total": N, "limit": L, "offset": O, "hasMore": bool } Errors return a `meta.requestId` you can quote to support, which correlates with the server log line: { "error": "message", "code": "MACHINE_CODE", "details": ..., "meta": { "requestId": "...", "timestamp": "..." } } servers: - url: https://api.myproceeds.xyz description: Current environment security: - ApiKeyAuth: [] tags: - name: Identity description: >- API-key authenticated endpoint to validate a key and read its tenant/scopes - name: Services description: API-key authenticated CRUD for tenant services - name: Paywalls description: API-key authenticated CRUD for tenant paywalls - name: Data description: API-key authenticated read-only access to transactions and analytics - name: System description: Unauthenticated service health endpoints paths: /v1/services/{id}: patch: tags: - Services summary: Update a service description: Partial update. Only provided fields are modified. parameters: - $ref: '#/components/parameters/IdPath' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ServiceUpdate' responses: '200': description: Updated service content: application/json: schema: allOf: - $ref: '#/components/schemas/Envelope' - type: object properties: data: $ref: '#/components/schemas/Service' '400': $ref: '#/components/responses/ValidationError' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' security: - ApiKeyAuth: - services:write components: parameters: IdPath: name: id in: path required: true schema: type: string schemas: ServiceUpdate: type: object properties: name: type: string minLength: 1 maxLength: 100 description: type: string baseUrl: type: string format: uri authMethod: type: string enum: - none - bearer - token - x-api-key - custom-header - query-param - bearer-customer - x-api-key-secret - json-body-field authConfig: type: object additionalProperties: type: string networks: type: array minItems: 1 items: $ref: '#/components/schemas/NetworkId' mode: type: string enum: - testnet - mainnet Envelope: type: object required: - data - meta properties: data: {} meta: $ref: '#/components/schemas/Meta' Service: type: object properties: id: type: string name: type: string description: type: string nullable: true baseUrl: type: string format: uri authMethod: type: string enum: - none - bearer - token - x-api-key - custom-header - query-param - bearer-customer - x-api-key-secret - json-body-field authConfig: type: object nullable: true additionalProperties: type: string description: | Field names of the configured upstream credentials with values masked as `"***"`. Plaintext secrets are never returned by the public API. example: bearerToken: '***' networks: type: array items: $ref: '#/components/schemas/NetworkId' mode: type: string enum: - testnet - mainnet userId: type: string createdAt: type: string format: date-time updatedAt: type: string format: date-time Paywall: type: array items: $ref: '#/components/schemas/Paywall' NetworkId: type: string description: | Supported blockchain network identifier. The value must match the owning Service / Paywall `mode`: pass a **testnet** identifier when `mode` is `testnet`, and a **mainnet** identifier when `mode` is `mainnet`. example: base-sepolia enum: - arc-testnet - base-sepolia - hyperevm-testnet - tempo-testnet - base - hyperevm - tempo Meta: type: object properties: requestId: type: string timestamp: type: string format: date-time Paywall: type: object properties: id: type: string slug: type: string name: type: string description: type: string nullable: true targetType: type: string enum: - PROXY - ROUTE targetUrl: type: string nullable: true format: uri routePattern: type: string nullable: true price: type: string description: Amount in USDC smallest unit (string for precision) currency: type: string enum: - USDC network: $ref: '#/components/schemas/NetworkId' networks: type: array items: $ref: '#/components/schemas/NetworkId' merchantWallet: type: string pattern: ^0x[a-fA-F0-9]{40}$ facilitatorUrl: type: string format: uri timeout: type: integer validityWindow: type: integer allowedMethods: type: array items: type: string enum: - GET - POST - PUT - PATCH fulfillmentMode: type: string enum: - PROXY - SIGNED_URL enabled: type: boolean headers: type: array nullable: true description: | Configured custom request headers. Values are masked as `"***"` in API responses — only the header keys are returned. items: type: object properties: key: type: string value: type: string example: '***' queryParams: type: array nullable: true items: type: object properties: key: type: string value: type: string serviceId: type: string nullable: true userId: type: string nullable: true createdAt: type: string format: date-time updatedAt: type: string format: date-time Error: type: object required: - error - code - meta properties: error: type: string description: Human-readable message code: type: string description: Machine-readable code enum: - INVALID_API_KEY - KEY_REVOKED - KEY_EXPIRED - KEY_INACTIVE - INSUFFICIENT_SCOPE - IP_NOT_ALLOWED - RATE_LIMITED - NOT_FOUND - FORBIDDEN - VALIDATION_ERROR - CONFLICT - KEY_LIMIT_REACHED - SSRF_BLOCKED - ALREADY_REVOKED - INVALID_WALLET - INVALID_SERVICE - BETA_LIMIT_PAYWALLS - BETA_LIMIT_SERVICES - INTERNAL_ERROR - DATABASE_ERROR details: description: Optional machine-readable detail (e.g. Zod issues) meta: $ref: '#/components/schemas/Meta' responses: ValidationError: description: Request validation failed content: application/json: schema: $ref: '#/components/schemas/Error' Unauthorized: description: API key missing, invalid, revoked, or expired content: application/json: schema: $ref: '#/components/schemas/Error' example: error: Valid API key required code: INVALID_API_KEY Forbidden: description: Insufficient scope, IP not allowed, or not the resource owner content: application/json: schema: $ref: '#/components/schemas/Error' NotFound: description: Resource not found content: application/json: schema: $ref: '#/components/schemas/Error' securitySchemes: ApiKeyAuth: type: apiKey in: header name: X-Api-Key description: | API key in format `mpk_<64 hex chars>`. Can alternatively be sent as `Authorization: Bearer mpk_...`. ````