# Patch a tool router session config (v3.1) **Documentation:** /reference/api-reference/tool-router/patchToolRouterSessionBySessionId Partially updates the configuration of an existing tool router session. Only the fields provided in the request body will be updated. Uses optimistic concurrency control to prevent lost updates. The previous config is stored in config history. --- ## PATCH `/api/v3.1/tool_router/session/{session_id}` **Endpoint:** `https://backend.composio.dev/api/v3.1/tool_router/session/{session_id}` **Summary:** Patch a tool router session config (v3.1) Partially updates the configuration of an existing tool router session. Only the fields provided in the request body will be updated. Uses optimistic concurrency control to prevent lost updates. The previous config is stored in config history. ### Authentication **ApiKeyAuth** - API Key in `header` header `x-api-key` OR **UserApiKeyAuth** - API Key in `header` header `x-user-api-key` ### Path Parameters - `session_id` (string (toolRouterSessionId)) *(required)*: The unique identifier of the tool router session ### Request Body **Schema:** - `toolkits` (any): Toolkit configuration - specify either enable toolkits (allowlist) or disable toolkits (denylist). Mutually exclusive. - `auth_configs` (object): The auth configs to use for the session. This will override the default behavior and use the given auth config when specific toolkits are being executed - `[key: string]` (string (authConfigId)) - `connected_accounts` (object,null): The connected accounts to use for the session, as an array of nano-IDs per toolkit. This overrides the default behaviour and pins specific connected accounts when toolkits are executed. Each account must exist (not deleted or disabled) and belong to the same `user_id` as the session. Multi-account sessions can pin multiple; non-multi-account sessions are capped at length 1. - `manage_connections` (object,null) - `tools` (object): Tool-level configuration per toolkit. Allows you to enable, disable, or filter by tags for specific tools within each toolkit. Every slug passed in `enable` / `disable` must be a valid Composio tool slug for that toolkit — invalid or typo'd slugs fail session creation with a clear error listing which ones didn't match. - `[key: string]` (any) - `tags` (any): Global MCP tool annotation hints for filtering. Array format is treated as enabled list. Object format supports both enabled (tool must have at least one) and disabled (tool must NOT have any) lists. Toolkit-level tags override this. Toolkit enabled/disabled lists take precedence over tag filtering. - `workbench` (object,null) - `multi_account` (object,null) - `preload` (object): Preload configuration. Use an explicit list for frequently used tool slugs, or "all" to dynamically expose every app tool allowed by positive toolkits/tools/tags filters. - `tools` (any): Explicit tool slugs to preload, or "all" to dynamically expose all current and future app tools allowed by the positive session filters. "all" is capped at 1000 tools and is not supported without a positive allowlist. - `search` (object) - `enable` (boolean) - `execute` (object) - `enable_multi_execute` (boolean) - `experimental` (object,null) **Example:** ```json { "toolkits": null, "auth_configs": { "key": "string" }, "connected_accounts": null, "manage_connections": null, "tools": { "key": null }, "tags": null, "workbench": null, "multi_account": null, "preload": { "tools": null }, "search": { "enable": true }, "execute": { "enable_multi_execute": true }, "experimental": null } ``` ### Responses #### 200 - Session config successfully patched. **Response Schema:** - `session_id` (string (toolRouterSessionId)) *(required)*: The identifier of the session - `mcp` (object) *(required)* - `type` (enum: "http") *(required)*: The type of the MCP server. Can be http - `url` (string (uri)) *(required)*: The URL of the MCP server - `tool_router_tools` (array) *(required)*: List of available tools in this session - `config` (object) *(required)*: The configuration used to create this session - `user_id` (string) *(required)*: User identifier for this session - `toolkits` (any): Toolkit configuration - either enabled list or disabled list - `auth_configs` (object): Auth config overrides per toolkit - `[key: string]` (string (authConfigId)) - `manage_connections` (object): Manage connections configuration - `enabled` (boolean): Whether to enable the connection manager for automatic connection handling - `callback_url` (string (uri)): Custom callback URL for connected account auth flows - `enable_wait_for_connections` (boolean): Enable the COMPOSIO_WAIT_FOR_CONNECTIONS tool for polling connection status. Default false. May not work reliably with GPT models. - `enable_connection_removal` (boolean): Enable the "remove" action in COMPOSIO_MANAGE_CONNECTIONS. Default true. - `tools` (object): Tool-level configuration per toolkit - `[key: string]` (any) - `tags` (object): MCP tool annotation hints for filtering tools with enabled/disabled support. enabled: tags that the tool must have at least one of. disabled: tags that the tool must NOT have any of. Both conditions must be satisfied. - `enabled` (array): Tags that the tool must have at least one of - `disabled` (array): Tags that the tool must NOT have any of - `workbench` (object): Workbench configuration - `enable` (boolean): Whether the workbench (code execution sandbox) is enabled. When false, COMPOSIO_REMOTE_WORKBENCH and COMPOSIO_REMOTE_BASH_TOOL are not exposed. - `proxy_execution_enabled` (boolean): Whether proxy execution is enabled in the workbench - `auto_offload_threshold` (number): Character threshold after which tool execution response are saved to a file in workbench. Default is 20k. - `sandbox_size` (enum: "standard" | "medium" | "large" | ...): Sandbox compute tier: standard (1 vCPU / 1 GB), medium (2 vCPU / 2 GB), large (4 vCPU / 4 GB), xlarge (8 vCPU / 8 GB). Defaults to standard. - `multi_account` (object): Multi-account configuration for this session. - `enable` (boolean): When true, enables multi-account mode for this session. When not set, falls back to org/project-level configuration. - `max_accounts_per_toolkit` (integer): Maximum number of connected accounts allowed per toolkit. Defaults to 5 when multi-account is enabled. - `require_explicit_selection` (boolean): When true, require explicit account selection when multiple accounts are connected. When false (default), use the first/default account. - `preload` (object) *(required)*: Preload configuration. Explicit slugs are returned as an array; dynamic preload is returned as "all". - `tools` (any) *(required)*: Explicit preloaded tool slugs, or "all" when the session dynamically exposes all app tools allowed by its filters. - `connected_accounts` (object): Per-toolkit connected account overrides (array of nano-IDs). Multi-account sessions can pin more than one account per toolkit; otherwise length is 1. - `[key: string]` (array) - `search` (object) *(required)*: Search helper configuration - `enable` (boolean) - `execute` (object) *(required)*: Execute helper configuration - `enable_multi_execute` (boolean) - `config_version` (integer) *(required)*: Monotonic version of the config. Incremented on each PATCH. Use for optimistic concurrency control. - `experimental` (object): Experimental features - `assistive_prompt` (string): The assistive system prompt for the tool router session - `custom_toolkits` (array): User-defined custom toolkits with grouped tools (no-auth) - Array items: - `slug` (string) *(required)* - `name` (string) *(required)* - `description` (string) *(required)* - `tools` (array) *(required)* - Array items: - ... - `custom_tools` (array): Custom tools — standalone or extending Composio toolkits - Array items: - `slug` (string) *(required)*: Prefixed tool slug (e.g. LOCAL_GMAIL_GET_IMPORTANT_EMAILS) - `name` (string) *(required)* - `description` (string) *(required)* - `input_schema` (object) *(required)* - `[key: string]` (any) - `output_schema` (object) - `[key: string]` (any) - `extends_toolkit` (string) - `original_slug` (string) *(required)*: Original tool slug as provided by the user - `warnings` (array): Advisory list — the session exists and is usable, but the listed issues may warrant attention. - Array items: - `code` (enum: "PRELOAD_TOOLS_HIGH_CONTEXT_USAGE") *(required)*: Stable machine code identifying the advisory. Safe to switch on in client code. - `message` (string) *(required)*: Human-readable description of the advisory. Suitable for logging or surfacing to end users. **Example Response:** ```json { "session_id": "string", "mcp": { "type": "http", "url": "https://example.com" }, "tool_router_tools": [ "string" ], "config": { "user_id": "string", "toolkits": null, "auth_configs": { "key": "string" }, "manage_connections": { "enabled": true, "callback_url": "https://example.com", "enable_wait_for_connections": false, "enable_connection_removal": true }, "tools": { "key": null }, "tags": { "enabled": [ "..." ], "disabled": [ "..." ] }, "workbench": { "enable": true, "proxy_execution_enabled": true }, "multi_account": { "enable": true, "max_accounts_per_toolkit": 1, "require_explicit_selection": true }, "preload": { "tools": null }, "connected_accounts": { "key": [ "..." ] }, "search": { "enable": true }, "execute": { "enable_multi_execute": true } }, "config_version": 1, "experimental": { "assistive_prompt": "string", "custom_toolkits": [ { "slug": "...", "name": "...", "description": "...", "tools": "..." } ], "custom_tools": [ { "slug": "...", "name": "...", "description": "...", "input_schema": "...", "output_schema": "...", "extends_toolkit": "...", "original_slug": "..." } ] }, "warnings": [] } ``` #### 400 - Bad request. Invalid config values. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) #### 401 - Unauthorized. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) #### 404 - Session not found. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) #### 408 - Request timeout while validating patch. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) #### 409 - Config version conflict. Re-fetch the session and retry. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) #### 500 - Internal server error. **Response Schema:** - `error` (object) *(required)* - `message` (string) *(required)* - `code` (number) *(required)* - `slug` (string) *(required)* - `status` (number) *(required)* - `request_id` (string) - `suggested_fix` (string) - `errors` (array) ### Example cURL Request ```bash curl -X PATCH "https://backend.composio.dev/api/v3.1/tool_router/session/string" \ -H "x-api-key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "toolkits": null, "auth_configs": { "key": "string" }, "connected_accounts": null, "manage_connections": null, "tools": { "key": null }, "tags": null, "workbench": null, "multi_account": null, "preload": { "tools": null }, "search": { "enable": true }, "execute": { "enable_multi_execute": true }, "experimental": null }' ```