> ## Documentation Index > Fetch the complete documentation index at: https://docs.neo.projectdiscovery.io/llms.txt > Use this file to discover all available pages before exploring further. # Create or update a BYOK provider key > Create or update an API key for a specific provider. The key is encrypted at rest and validated against the provider's API before saving. Supported providers: openrouter, anthropic, openai, google, xai, vercel-gateway, google-vertex, amazon-bedrock, azure-foundry. Access control: - Solo users: Manages their own provider keys - Team admins: Manages provider keys for the team - Team members/viewers: Returns 403 ## OpenAPI ````yaml https://neo.api.projectdiscovery.io/api/openapi.json patch /api/v1/byok/providers/{provider} openapi: 3.1.0 info: contact: name: ProjectDiscovery url: https://neo.projectdiscovery.io description: Neo API Server - Security agent orchestration platform license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0 title: Neo API version: 1.0.0 servers: - description: Production url: https://neo.api.projectdiscovery.io - description: Local development url: http://localhost:8080 security: [] tags: - description: Task execution and management name: Tasks - description: Agent listing and management name: Agents - description: Public agent directory name: Agent Directory - description: User file storage management name: Files - description: User working memory management name: Memory - description: Scheduled and recurring task management name: Schedules - description: Knowledge base and semantic search name: Knowledge - description: Encrypted user credentials and API keys name: Secrets - description: Neo API key management for programmatic access name: API Keys - description: User profile and account information name: User - description: Task and LLM usage tracking name: Usage - description: Bring Your Own Key provider management name: BYOK - description: Model discovery and capabilities name: Models - description: Third-party integrations name: Integrations - description: Skill knowledge documents for agent prompts name: Skills - description: Team management and member invitations name: Teams - description: Prompt library management and discovery name: Prompts - description: Slack bot integration for workspace installation and OAuth name: Slack - description: GitHub integration for PR reviews and repository management name: GitHub - description: Vulnerability issue tracking and management name: Issues - description: Subscription billing and plans name: Billing - description: Project management and member assignments name: Projects - description: SSH key pair generation and management for remote server access name: SSH Keys - description: Codebase structural analysis and mapping name: Codemaps - description: AI-generated codebase documentation and security analysis name: CodeWiki - description: Captured HTTP traffic query and replay name: Network Events paths: /api/v1/byok/providers/{provider}: patch: tags: - BYOK summary: Create or update a BYOK provider key description: > Create or update an API key for a specific provider. The key is encrypted at rest and validated against the provider's API before saving. Supported providers: openrouter, anthropic, openai, google, xai, vercel-gateway, google-vertex, amazon-bedrock, azure-foundry. Access control: - Solo users: Manages their own provider keys - Team admins: Manages provider keys for the team - Team members/viewers: Returns 403 operationId: patch-v1-byok-provider parameters: - description: Provider identifier in: path name: provider required: true schema: enum: - openrouter - anthropic - openai - google - xai - vercel-gateway - google-vertex - amazon-bedrock - azure-foundry type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpsertProviderKeyRequest' required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/UpsertProviderKeyResponse' description: Provider key created or updated '400': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Invalid provider or missing api_key '401': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Unauthorized '403': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Forbidden - BYOK not enabled or not a team admin '500': content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' description: Internal server error security: - BearerAuth: [] - ApiKeyAuth: [] components: schemas: UpsertProviderKeyRequest: properties: api_key: description: | The provider API key (will be encrypted at rest). For google-vertex: must be the full GCP service account JSON string (containing type, client_email, private_key, project_id). type: string display_name: description: Optional display name for this key nullable: true type: string location: description: > Cloud region or endpoint URL for location-aware providers: - google-vertex: GCP region for Vertex AI (e.g. "us-central1", "us-east5"). Defaults to "us-central1". - amazon-bedrock: AWS region (e.g. "us-east-1"). Defaults to "us-east-1". - azure-foundry: Foundry endpoint URL (e.g. "https://{resource}.openai.azure.com" or legacy "https://{resource}.services.ai.azure.com"). Required. nullable: true type: string required: - api_key type: object UpsertProviderKeyResponse: properties: provider_key: $ref: '#/components/schemas/ProviderKey' validation: $ref: '#/components/schemas/ValidationResult' required: - provider_key - validation type: object ErrorResponse: properties: code: description: > Stable machine-readable error code — branch on this rather than matching the human `error`/`message` strings. Domain codes include `user_spending_cap_reached`, `project_spending_cap_reached`, and `insufficient_neo_credits`; otherwise it mirrors the error kind (e.g. `forbidden`, `invalid_request`, `not_exists`, `already_exists`). example: user_spending_cap_reached type: string error: example: Bad request type: string error_id: description: Correlation id for a specific error instance, when present. type: string kind: description: Coarse error category (e.g. "forbidden request", "invalid request"). example: forbidden request type: string message: description: | Human-readable detail (the kind prefixed to the error). For display, not for branching. type: string required: - error type: object ProviderKey: description: A configured BYOK provider API key properties: created_at: description: When the key was created format: date-time type: string display_name: description: Optional display name for this key nullable: true type: string id: description: Unique identifier for the provider key format: uuid type: string is_validated: description: Whether the key has been validated against the provider type: boolean location: description: > Cloud region or endpoint URL for location-aware providers: - google-vertex: GCP region (e.g. "us-central1", "us-east5"). Defaults to "us-central1". - amazon-bedrock: AWS region (e.g. "us-east-1"). Defaults to "us-east-1". - azure-foundry: Foundry endpoint URL (e.g. "https://{resource}.openai.azure.com" or legacy "https://{resource}.services.ai.azure.com"). Required. nullable: true type: string provider: description: Provider identifier enum: - openrouter - anthropic - openai - google - xai - vercel-gateway - google-vertex - amazon-bedrock - azure-foundry type: string updated_at: description: When the key was last updated format: date-time type: string required: - id - provider - is_validated - created_at - updated_at type: object ValidationResult: properties: details: description: Additional details about the validation result type: string error: description: Error message if validation failed type: string valid: description: Whether the API key is valid type: boolean required: - valid type: object securitySchemes: BearerAuth: bearerFormat: JWT description: JWT authentication token scheme: bearer type: http ApiKeyAuth: description: Neo API key (neo_sk_* prefix) in: header name: X-Api-Key type: apiKey ````