API documentation
curl --request PATCH \
--url https://api.lightspark.com/grid/2025-10-13/auth/credentials/{id} \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--data '
{
"email": "new.email@example.com"
}
'{
"id": "AuthMethod:019542f5-b3e7-1d02-0000-000000000001",
"accountId": "InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"type": "EMAIL_OTP",
"nickname": "new.email@example.com",
"createdAt": "2026-04-08T15:30:01Z",
"updatedAt": "2026-04-08T15:35:02Z"
}Update an authentication credential
Update mutable fields on an authentication credential for an Embedded Wallet internal account. Today this supports updating the email address used by an EMAIL_OTP credential.
This is a two-step signed-retry flow:
-
Call
PATCH /auth/credentials/{id}with the request body{ "email": "new.email@example.com" }and no signature headers. Grid returns202withpayloadToSign,requestId, andexpiresAt. -
Use the session API keypair of a verified authentication credential on the same internal account to build an API-key stamp over
payloadToSign, then retry with that full stamp as theGrid-Wallet-Signatureheader and therequestIdechoed back as theRequest-Idheader. The retry body must carry the same update fields submitted in step 1. The signed retry returns200with the updatedAuthMethod.
curl --request PATCH \
--url https://api.lightspark.com/grid/2025-10-13/auth/credentials/{id} \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--data '
{
"email": "new.email@example.com"
}
'{
"id": "AuthMethod:019542f5-b3e7-1d02-0000-000000000001",
"accountId": "InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"type": "EMAIL_OTP",
"nickname": "new.email@example.com",
"createdAt": "2026-04-08T15:30:01Z",
"updatedAt": "2026-04-08T15:35:02Z"
}Documentation Index
Fetch the complete documentation index at: https://ramps-docs-sync-20260512.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
API token authentication using format <api token id>:<api client secret>
Headers
Full API-key stamp built over the prior payloadToSign with the session API keypair of a verified authentication credential on the same internal account. Required on the signed retry; ignored on the initial call.
The requestId returned in a prior 202 response, echoed back on the signed retry so the server can correlate it with the issued challenge. Required on the signed retry; must be paired with Grid-Wallet-Signature.
Path Parameters
The id of the authentication credential to update (the id field of the AuthMethod returned from POST /auth/credentials).
Body
Partial request body for PATCH /auth/credentials/{id}. At least one update field must be provided. Today, only the email address on an EMAIL_OTP credential can be updated. On step 1 of the signed-retry flow Grid binds the submitted update fields into payloadToSign; on step 2 the client echoes the same fields back and Grid applies the update to the authentication credential.
New email address to associate with the EMAIL_OTP credential.
"new.email@example.com"
Response
Signed retry accepted. Returns the updated authentication credential.
Strict wrapper around AuthMethod. Used directly as the registration response on POST /auth/credentials (all three credential types) and inside AuthCredentialResponseOneOf for the EMAIL_OTP branch of POST /auth/credentials/{id}/challenge. The only difference from AuthMethod is unevaluatedProperties: false, which disambiguates the oneOf against PasskeyAuthChallenge — without the strictness, an AuthMethod with extra fields would ambiguously match both branches.
System-generated unique identifier for the authentication credential.
"AuthMethod:019542f5-b3e7-1d02-0000-000000000001"
Identifier of the internal account that this credential authenticates.
"InternalAccount:019542f5-b3e7-1d02-0000-000000000002"
The type of authentication credential.
OAUTH: OpenID Connect (OIDC) token issued by an identity provider such as Google or Apple.EMAIL_OTP: A one-time password delivered to the user's email address.PASSKEY: A WebAuthn passkey bound to the user's device.
OAUTH, EMAIL_OTP, PASSKEY Human-readable identifier for this credential. For EMAIL_OTP credentials this is the email address; for OAUTH credentials it is typically the email claim from the OIDC token; for PASSKEY credentials it is the validated nickname provided at registration time.
"example@lightspark.com"
Creation timestamp.
"2026-04-08T15:30:01Z"
Last update timestamp.
"2026-04-08T15:35:00Z"
Base64url-encoded WebAuthn credential identifier for this passkey. Present only for PASSKEY authentication credentials. Corresponds to PublicKeyCredential.rawId; pass this value as allowCredentials[].id when requesting a passkey assertion for this auth method.
"KEbWNCc7NgaYnUyrNeFGX9_3Y-8oJ3KwzjnaiD1d1LVTxR7v3CaKfCz2Vy_g_MHSh7yJ8yL0Pxg6jo_o0hYiew"
Was this page helpful?