
# Update

> Update the JWT Auth configuration on a machine identity



## OpenAPI

````yaml PATCH /api/v1/auth/jwt-auth/identities/{identityId}
openapi: 3.0.3
info:
  title: Infisical API
  description: List of all available APIs that can be consumed
  version: 0.0.1
# Base URLs a client may target. The operation below requires a bearer token,
# so the choice of base URL decides where that token is sent.
servers:
  - url: https://us.infisical.com
    description: Production server (US)
  - url: https://eu.infisical.com
    description: Production server (EU)
  # Plain http, loopback host: a bearer token sent to this base URL is not
  # protected by TLS.
  - url: http://localhost:8080
    description: Local server
# Empty document-level requirement: no security scheme applies by default, so
# each operation has to declare its own (the PATCH below declares bearerAuth).
security: []
paths:
  # Changes the JWT Auth settings attached to one machine identity, i.e. the
  # rules that decide which externally issued JWTs are accepted for it.
  /api/v1/auth/jwt-auth/identities/{identityId}:
    patch:
      tags:
        - JWT Auth
      description: Update JWT Auth configuration on machine identity
      operationId: updateJwtAuth
      parameters:
        # Typed as a plain string here; the 200 response declares identityId
        # with format uuid.
        - schema:
            type: string
          in: path
          name: identityId
          required: true
          description: The ID of the machine identity to update the auth method for.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # Two alternative bodies selected by configurationType: 'jwks'
              # (keys fetched from a URL) or 'static' (keys supplied inline).
              # Both require configurationType plus their key source, so a body
              # that only changes e.g. accessTokenTTL does not validate as
              # written.
              # NOTE(review): several optional fields carry defaults (trusted
              # IPs 0.0.0.0/0 and ::/0, empty bound* strings). The schema does
              # not say whether omitting a field keeps the stored value or
              # re-applies the default - confirm before sending partial updates.
              anyOf:
                # Variant 1 of 2: verification keys are fetched from a JWKS
                # endpoint. Required: configurationType and jwksUrl.
                - type: object
                  properties:
                    # Only 'jwks' validates in this variant; the description
                    # text is shared with the 'static' variant.
                    configurationType:
                      type: string
                      enum:
                        - jwks
                      description: >-
                        The configuration for validating JWTs. Must be one of:
                        'jwks', 'static'
                    # format: uri does not constrain the scheme, so this schema
                    # does not require https. The keys served at this URL decide
                    # which JWT signatures verify, so the endpoint and its
                    # transport are part of the trust boundary.
                    # NOTE(review): confirm whether the server enforces https
                    # and limits which hosts it will fetch from.
                    jwksUrl:
                      type: string
                      format: uri
                      description: >-
                        The URL of the JWKS endpoint. Required if
                        configurationType is 'jwks'. This endpoint must serve
                        JSON Web Key Sets (JWKS) containing the public keys used
                        to verify JWT signatures.
                    # Empty by default.
                    # NOTE(review): presumably a default trust store is used
                    # when this is empty - confirm.
                    jwksCaCert:
                      type: string
                      default: ''
                      description: >-
                        The PEM-encoded CA certificate for validating the TLS
                        connection to the JWKS endpoint.
                    # Optional in this variant (defaults to an empty list); no
                    # per-item constraints are declared here.
                    publicKeys:
                      type: array
                      items:
                        type: string
                      default: []
                      description: >-
                        A list of PEM-encoded public keys used to verify JWT
                        signatures. Required if configurationType is 'static'.
                        Each key must be in RSA or ECDSA format and properly
                        PEM-encoded with BEGIN/END markers.
                    # boundIssuer, boundAudiences and boundSubject all default to
                    # the empty string.
                    # NOTE(review): the schema does not say whether an empty
                    # value disables the corresponding check - confirm; an
                    # unbound issuer/audience/subject would widen the set of
                    # accepted tokens.
                    boundIssuer:
                      type: string
                      default: ''
                      description: The new unique identifier of the JWT provider.
                    # Typed as a single string although described as a list; the
                    # delimiter is not specified in this schema.
                    boundAudiences:
                      type: string
                      default: ''
                      description: The new list of intended recipients.
                    # Map of claim name to string value; no default is declared.
                    boundClaims:
                      type: object
                      additionalProperties:
                        type: string
                      description: >-
                        The new attributes that should be present in the JWT for
                        it to be valid.
                    boundSubject:
                      type: string
                      default: ''
                      description: >-
                        The new expected principal that is the subject of the
                        JWT.
                    # The default covers every IPv4 and IPv6 address, i.e. no
                    # source-IP restriction on access-token use unless the
                    # caller supplies narrower ranges. ipAddress is an
                    # unconstrained string; CIDR syntax is not checked by the
                    # schema.
                    accessTokenTrustedIps:
                      type: array
                      items:
                        type: object
                        properties:
                          ipAddress:
                            type: string
                        required:
                          - ipAddress
                        additionalProperties: false
                      minItems: 1
                      default:
                        - ipAddress: 0.0.0.0/0
                        - ipAddress: '::/0'
                      description: >-
                        The new IPs or CIDR ranges that access tokens can be
                        used from.
                    # Seconds. Default 2592000 = 30 days; maximum 315360000 =
                    # 3650 days. The 200 response schema in this document
                    # declares default 7200 for the same field name, so the two
                    # defaults disagree - verify which applies.
                    # NOTE(review): the meaning of 0 (the minimum) is not stated.
                    accessTokenTTL:
                      type: integer
                      minimum: 0
                      maximum: 315360000
                      default: 2592000
                      description: The new lifetime for an access token in seconds.
                    # NOTE(review): no relation between accessTokenTTL and
                    # accessTokenMaxTTL is expressed in the schema; confirm it
                    # is enforced server-side.
                    accessTokenMaxTTL:
                      type: integer
                      minimum: 0
                      maximum: 315360000
                      default: 2592000
                      description: The new maximum lifetime for an access token in seconds.
                    # NOTE(review): default 0 presumably means "no use limit" -
                    # confirm; the schema does not define it.
                    accessTokenNumUsesLimit:
                      type: integer
                      minimum: 0
                      default: 0
                      description: >-
                        The new maximum number of times that an access token can
                        be used.
                  required:
                    - configurationType
                    - jwksUrl
                  # Unknown fields are rejected rather than ignored.
                  additionalProperties: false
                # Variant 2 of 2: verification keys are supplied inline.
                # Required: configurationType and publicKeys.
                - type: object
                  properties:
                    # Only 'static' validates in this variant; the description
                    # text is shared with the 'jwks' variant.
                    configurationType:
                      type: string
                      enum:
                        - static
                      description: >-
                        The configuration for validating JWTs. Must be one of:
                        'jwks', 'static'
                    # Optional here, defaults to the empty string, and carries no
                    # format constraint in this variant.
                    jwksUrl:
                      type: string
                      default: ''
                      description: >-
                        The URL of the JWKS endpoint. Required if
                        configurationType is 'jwks'. This endpoint must serve
                        JSON Web Key Sets (JWKS) containing the public keys used
                        to verify JWT signatures.
                    jwksCaCert:
                      type: string
                      default: ''
                      description: >-
                        The PEM-encoded CA certificate for validating the TLS
                        connection to the JWKS endpoint.
                    # The schema enforces only "at least one non-empty string".
                    # The PEM / RSA / ECDSA requirements in the description are
                    # not expressed as schema constraints, so key format and
                    # strength must be validated elsewhere.
                    publicKeys:
                      type: array
                      items:
                        type: string
                        minLength: 1
                      minItems: 1
                      description: >-
                        A list of PEM-encoded public keys used to verify JWT
                        signatures. Required if configurationType is 'static'.
                        Each key must be in RSA or ECDSA format and properly
                        PEM-encoded with BEGIN/END markers.
                    # boundIssuer, boundAudiences and boundSubject all default to
                    # the empty string.
                    # NOTE(review): the schema does not say whether an empty
                    # value disables the corresponding check - confirm; an
                    # unbound issuer/audience/subject would widen the set of
                    # accepted tokens.
                    boundIssuer:
                      type: string
                      default: ''
                      description: The new unique identifier of the JWT provider.
                    # Typed as a single string although described as a list; the
                    # delimiter is not specified in this schema.
                    boundAudiences:
                      type: string
                      default: ''
                      description: The new list of intended recipients.
                    # Map of claim name to string value; no default is declared.
                    boundClaims:
                      type: object
                      additionalProperties:
                        type: string
                      description: >-
                        The new attributes that should be present in the JWT for
                        it to be valid.
                    boundSubject:
                      type: string
                      default: ''
                      description: >-
                        The new expected principal that is the subject of the
                        JWT.
                    # The default covers every IPv4 and IPv6 address, i.e. no
                    # source-IP restriction on access-token use unless the
                    # caller supplies narrower ranges. ipAddress is an
                    # unconstrained string; CIDR syntax is not checked by the
                    # schema.
                    accessTokenTrustedIps:
                      type: array
                      items:
                        type: object
                        properties:
                          ipAddress:
                            type: string
                        required:
                          - ipAddress
                        additionalProperties: false
                      minItems: 1
                      default:
                        - ipAddress: 0.0.0.0/0
                        - ipAddress: '::/0'
                      description: >-
                        The new IPs or CIDR ranges that access tokens can be
                        used from.
                    # Seconds. Default 2592000 = 30 days; maximum 315360000 =
                    # 3650 days. The 200 response schema in this document
                    # declares default 7200 for the same field name, so the two
                    # defaults disagree - verify which applies.
                    # NOTE(review): the meaning of 0 (the minimum) is not stated.
                    accessTokenTTL:
                      type: integer
                      minimum: 0
                      maximum: 315360000
                      default: 2592000
                      description: The new lifetime for an access token in seconds.
                    # NOTE(review): no relation between accessTokenTTL and
                    # accessTokenMaxTTL is expressed in the schema; confirm it
                    # is enforced server-side.
                    accessTokenMaxTTL:
                      type: integer
                      minimum: 0
                      maximum: 315360000
                      default: 2592000
                      description: The new maximum lifetime for an access token in seconds.
                    # NOTE(review): default 0 presumably means "no use limit" -
                    # confirm; the schema does not define it.
                    accessTokenNumUsesLimit:
                      type: integer
                      minimum: 0
                      default: 0
                      description: >-
                        The new maximum number of times that an access token can
                        be used.
                  required:
                    - configurationType
                    - publicKeys
                  # Unknown fields are rejected rather than ignored.
                  additionalProperties: false
      responses:
        # Success: returns the identity's JWT Auth configuration under
        # identityJwtAuth.
        '200':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  identityJwtAuth:
                    type: object
                    properties:
                      id:
                        type: string
                        format: uuid
                      # Typed as number with default 7200 here, while the request
                      # body declares integer with default 2592000 for the same
                      # field names - the document is inconsistent on this.
                      accessTokenTTL:
                        type: number
                        default: 7200
                      accessTokenMaxTTL:
                        type: number
                        default: 7200
                      accessTokenNumUsesLimit:
                        type: number
                        default: 0
                      # Empty schema: any JSON value validates, so clients get
                      # no shape guarantee for the returned trusted-IP data.
                      accessTokenTrustedIps: {}
                      identityId:
                        type: string
                        format: uuid
                      configurationType:
                        type: string
                      jwksUrl:
                        type: string
                      boundIssuer:
                        type: string
                      boundAudiences:
                        type: string
                      # Empty schema as well; not listed under required below.
                      boundClaims: {}
                      boundSubject:
                        type: string
                      createdAt:
                        type: string
                        format: date-time
                      updatedAt:
                        type: string
                        format: date-time
                      # Appears only in the response. The request variants set
                      # additionalProperties: false and do not list it, so it
                      # cannot be changed through this operation as documented.
                      accessTokenPeriod:
                        type: number
                        default: 0
                      # Per the request descriptions these two fields hold a CA
                      # certificate and public verification keys.
                      jwksCaCert:
                        type: string
                      publicKeys:
                        type: array
                        items:
                          type: string
                    required:
                      - id
                      - identityId
                      - configurationType
                      - jwksUrl
                      - boundIssuer
                      - boundAudiences
                      - boundSubject
                      - createdAt
                      - updatedAt
                      - jwksCaCert
                      - publicKeys
                    additionalProperties: false
                required:
                  - identityJwtAuth
                additionalProperties: false
        # Error responses share one envelope: reqId, statusCode (pinned to the
        # HTTP status by a single-value enum), message and error. Every
        # description is the generic 'Default Response', so this document does
        # not say under which conditions each status is returned.
        # 400: adds an optional, unconstrained details field.
        '400':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 400
                  message:
                    type: string
                  error:
                    type: string
                  details: {}
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # 401: base envelope only.
        '401':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 401
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # 403: adds an optional, unconstrained details field.
        '403':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 403
                  message:
                    type: string
                  details: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # 404: base envelope only.
        '404':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 404
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # 422: message has an empty schema (any JSON value) and is not
        # required, unlike the other error responses.
        '422':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 422
                  message: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - error
                additionalProperties: false
        # 500: base envelope only.
        '500':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 500
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
      # Operation-level requirement: callers must present the bearerAuth
      # scheme. This overrides the empty document-level security list.
      # NOTE(review): the document does not state which permission the token
      # needs in order to change an identity's auth configuration; a 403
      # response is declared, so confirm the authorization rule behind it.
      security:
        - bearerAuth: []
components:
  securitySchemes:
    # HTTP Authorization header with the bearer scheme. bearerFormat is a
    # documentation hint only; it does not make tooling validate the token.
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: An access token in Infisical

````