Get Started

Changelog

January 14, 2026

True PATCH Semantics for Auth Config Updates

Version Information

TypeScript/JavaScript

  • Package: @composio/core and provider packages
  • Version: 0.5.1+

Python

  • Package: composio-core and provider packages
  • Version: 0.10.7+

The PATCH /api/v3/auth_configs/{id} endpoint now implements proper partial update semantics. Previously, omitting fields would clear them (behaving like PUT). Now, omitted fields are preserved—only explicitly provided fields are modified.

Breaking Change: If you relied on omitting fields to clear them, you must now explicitly send null or []. See Migration Guide below.

What Changed

FieldBefore (Buggy)After (Correct)
credentialsRequired on every updateOptional—merged with existing
tool_access_configReset to {} if omittedPreserved if omitted
scopes (type: default)Cleared if omittedPreserved if omitted
restrict_to_following_toolsReset to [] if omittedPreserved if omitted

Merge Behavior: The credentials object is merged—send only the fields you want to change, and existing fields are preserved.

New Capabilities

Rotate a Single Credential Field

Update just client_secret without resending client_id or other fields:

1from composio import Composio
2
3composio = Composio()
4
5# Only send the field you want to update - other credentials are preserved
6
7composio.auth_configs.update(
8"ac_yourAuthConfigId",
9options={
10"type": "custom",
11"credentials": {
12"client_secret": "new_rotated_secret",
13},
14},
15)

Update Tool Restrictions Without Touching Credentials

Previously, this would fail because credentials was required. Now it works:

1from composio import Composio
2
3composio = Composio()
4
5# Update tool restrictions - credentials are automatically preserved
6
7composio.auth_configs.update(
8"ac_yourAuthConfigId",
9options={
10"type": "custom",
11"tool_access_config": {
12"tools_available_for_execution": ["GMAIL_SEND_EMAIL", "GMAIL_READ_EMAIL"],
13},
14},
15)

Migration Guide

Am I Affected?

Yes, if your code relied on omitting fields to clear them.

No, if you always send complete payloads or only use PATCH to update specific fields.

How to Clear Fields Explicitly

To ClearPython SDKTypeScript SDK
tool_access_config"tool_access_config": {"tools_available_for_execution": []}toolAccessConfig: { toolsAvailableForExecution: [] }
scopes (default)"scopes": ""scopes: "" (via HTTP API)
1from composio import Composio
2
3composio = Composio()
4
5# Explicitly clear tool restrictions with empty array
6
7composio.auth_configs.update(
8"ac_yourAuthConfigId",
9options={
10"type": "custom",
11"tool_access_config": {
12"tools_available_for_execution": [],
13},
14},
15)

Raw HTTP API

For users calling the API directly:

$# Rotate single credential
>curl -X PATCH "https://backend.composio.dev/api/v3/auth_configs/{id}" \
>  -H "x-api-key: YOUR_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{"type": "custom", "credentials": {"client_secret": "new_secret"}}'
>
># Clear tool restrictions
>curl -X PATCH "https://backend.composio.dev/api/v3/auth_configs/{id}" \
>  -H "x-api-key: YOUR_API_KEY" \
>  -H "Content-Type: application/json" \
>  -d '{"type": "custom", "tool_access_config": {"tools_available_for_execution": []}}'