> ## Documentation Index > Fetch the complete documentation index at: https://hoopdev-docs-improve-idp-sso-pages.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Patch Connection > Partial update of a connection resource. Only provided fields will be updated. ## OpenAPI ````yaml https://use.hoop.dev/api/openapiv3.json patch /connections/{nameOrID} openapi: 3.0.3 info: contact: email: help@hoop.dev name: Help url: https://help.hoop.dev description: >- Hoop.dev is an access gateway for databases and servers with an API for packet manipulation license: name: MIT url: https://opensource.org/license/mit termsOfService: https://hoop.dev/docs/legal/tos title: Hoop Api version: 1.49.10 servers: - url: https://use.hoop.dev/api security: [] tags: - description: > Hoop implements Oauth2 and OIDC protocol to authenticate users in the system. To obtain a valid access token users need to authenticate in their own identity provider which is generated as a JSON response to the endpoint `http(s)://use.hoop.dev/api/login`. The identity provider them redirects the user to the callback endpoint containing the access token. The recommended approach of obtaining an access token is by visiting the Webapp main's page or using the **Hoop command line**. Example: ```sh hoop config create --api-url https://use.hoop.dev # save the token after authenticating at $HOME/.hoop/config.toml hoop login # show token information hoop config view --raw ``` With an access token you could use any HTTP client to interact with the documented endpoints. The token must be sent through the `Authorization` header. Example: ```sh # obtain the current configuration of the server curl https://use.hoop.dev/api/serverinfo -H "Authorization: Bearer $ACCESS_TOKEN" ``` name: Authentication - description: > Users are active and assigned to the default organization when they signup. A user could be set to an inactive state preventing it from accessing the platform, however it’s recommended to manage the state of users in the identity provider. - The `sub` claim is used as the main identifier of the user in the platform. - The profile of the user is derived from the id_token claims `email` and `name`. When a user authenticates for the first time, it performs an automatic signup that persist the profile claims along with it’s unique identifier. ​ ### Groups Groups allows defining who may access or interact with certain resources. - For connection resources it’s possible to define which groups has access to a specific connection, this is enforced when the Access Control feature is enabled. - For review resources, it’s possible to define which groups are allowed to approve an execution, this is enforced when the Review feature is enabled. > This resource could be managed manually via Webapp or propagated by the identity provider via ID Token. In this mode, groups are sync when a user performs a login. ### Roles - The `admin` group is a special role that grants full access to all resources This role should be granted to users that are responsible for managing the Gateway. All other users are regular, meaning that they can access their own resources and interact with connections. name: User Management - description: Routes used to manage and obtain information about the runtime server. name: Server Management - description: Features available in the gateway. See also **Plugin** resources. name: Features - description: >- Proxy manager endpoints controls how clients connect via gRPC in the gateway. These endpoints are meant to be used when a client is initialized via `hoop proxy-manager`. name: Proxy Manager - name: Connections - name: Agents - name: Runbooks - name: Guard Rails - name: Reviews - name: Sessions - name: Organization Management - name: Reports paths: /connections/{nameOrID}: patch: tags: - Connections summary: Patch Connection description: >- Partial update of a connection resource. Only provided fields will be updated. parameters: - description: The name or ID of the resource in: path name: nameOrID required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/openapi.ConnectionPatch' description: The request body resource with fields to update required: true x-originalParamName: request responses: '200': content: application/json: schema: $ref: '#/components/schemas/openapi.Connection' description: OK '400': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Bad Request '404': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Not Found '422': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Unprocessable Entity '500': content: application/json: schema: $ref: '#/components/schemas/openapi.HTTPError' description: Internal Server Error components: schemas: openapi.ConnectionPatch: properties: access_mode_connect: description: |- Toggle Port Forwarding * enabled - Enable to perform port forwarding for this connection * disabled - Disable port forwarding for this connection enum: - enabled - disabled type: string access_mode_exec: description: |- Toggle Ad Hoc Executions * enabled - Enable to run ad-hoc executions for this connection * disabled - Disable ad-hoc executions for this connection enum: - enabled - disabled type: string access_mode_runbooks: description: |- Toggle Ad Hoc Runbooks Executions * enabled - Enable to run runbooks for this connection * disabled - Disable runbooks execution for this connection enum: - enabled - disabled type: string access_schema: description: |- Toggle Introspection Schema * enabled - Enable the instrospection schema in the webapp * disabled - Disable the instrospection schema in the webapp enum: - enabled - disabled type: string agent_id: description: The agent associated with this connection example: 1837453e-01fc-46f3-9e4c-dcf22d395393 format: uuid type: string command: description: >- Is the shell command that is going to be executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp. example: - /bin/bash items: type: string type: array connection_tags: additionalProperties: type: string description: >- Tags to identify the connection * keys must contain between 1 and 64 alphanumeric characters, it may include (-), (_), (/), or (.) characters and it must not end with (-), (/) or (-). * values must contain between 1 and 256 alphanumeric characters, it may include space, (-), (_), (/), (+), (@), (:), (=) or (.) characters. example: environment: prod tier: frontend type: object guardrail_rules: description: The guard rail association id rules example: - 5701046A-7B7A-4A78-ABB0-A24C95E6FE54 - B19BBA55-8646-4D94-A40A-C3AFE2F4BAFD items: type: string type: array jira_issue_template_id: description: The jira issue templates ids associated to the connection example: B19BBA55-8646-4D94-A40A-C3AFE2F4BAFD type: string redact_types: description: >- Redact Types is a list of info types that will used to redact the output of the connection. Possible values are described in the DLP documentation: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference example: - EMAIL_ADDRESS items: type: string type: array reviewers: description: >- Reviewers is a list of groups that will review the connection before the user could execute it example: - dba-group items: type: string type: array secret: additionalProperties: {} description: >- Secrets are environment variables that are going to be exposed in the runtime of the connection: * { envvar:[env-key]: [base64-val] } - Expose the value as environment variable * { filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem The value could also represent an integration with a external provider: * { envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically in the AWS secrets manager and expose as environment variable * { envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"} type: object subtype: description: |- Sub Type is the underline implementation of the connection: * postgres - Implements Postgres protocol * mysql - Implements MySQL protocol * mongodb - Implements MongoDB Wire Protocol * mssql - Implements Microsoft SQL Server Protocol * oracledb - Implements Oracle Database Protocol * tcp - Forwards a TCP connection * ssh - Forwards a SSH connection * httpproxy - Forwards a HTTP connection * dynamodb - AWS DynamoDB experimental integration * cloudwatch - AWS CloudWatch experimental integration example: postgres type: string tags: description: 'DEPRECATED: Tags to classify the connection' example: - prod items: type: string type: array type: description: |- Type represents the main type of the connection: * database - Database protocols * application - Custom applications * custom - Shell applications enum: - database - application - custom example: database type: string type: object openapi.Connection: properties: access_max_duration: description: >- Maximum duration in seconds for JIT access sessions on this connection example: 3600 type: integer access_mode_connect: description: |- Toggle Port Forwarding * enabled - Enable to perform port forwarding for this connection * disabled - Disable port forwarding for this connection enum: - enabled - disabled type: string access_mode_exec: description: |- Toggle Ad Hoc Executions * enabled - Enable to run ad-hoc executions for this connection * disabled - Disable ad-hoc executions for this connection enum: - enabled - disabled type: string access_mode_runbooks: description: |- Toggle Ad Hoc Runbooks Executions * enabled - Enable to run runbooks for this connection * disabled - Disable runbooks execution for this connection enum: - enabled - disabled type: string access_schema: description: |- Toggle Introspection Schema * enabled - Enable the instrospection schema in the webapp * disabled - Disable the instrospection schema in the webapp enum: - enabled - disabled type: string agent_id: description: The agent associated with this connection example: 1837453e-01fc-46f3-9e4c-dcf22d395393 format: uuid type: string command: description: >- Is the shell command that is going to be executed when interacting with this connection. This value is required if the connection is going to be used from the Webapp. example: - /bin/bash items: type: string type: array connection_tags: additionalProperties: type: string description: >- Tags to identify the connection * keys must contain between 1 and 64 alphanumeric characters, it may include (-), (_), (/), or (.) characters and it must not end with (-), (/) or (-). * values must contain between 1 and 256 alphanumeric characters, it may include space, (-), (_), (/), (+), (@), (:), (=) or (.) characters. example: environment: prod tier: frontend type: object default_database: description: >- Default databases returns the configured value of the attribute secrets->'DB' type: string force_approve_groups: description: Groups that can force approve reviews for this connection example: - sre-team items: type: string type: array guardrail_rules: description: The guard rail association id rules example: - 5701046A-7B7A-4A78-ABB0-A24C95E6FE54 - B19BBA55-8646-4D94-A40A-C3AFE2F4BAFD items: type: string type: array id: description: Unique ID of the resource example: 5364ec99-653b-41ba-8165-67236e894990 format: uuid readOnly: true type: string jira_issue_template_id: description: The jira issue templates ids associated to the connection example: B19BBA55-8646-4D94-A40A-C3AFE2F4BAFD type: string managed_by: description: >- Managed By is a read only field that indicates who is managing this resource. When this attribute is set, this resource is considered immutable example: '' readOnly: true type: string name: description: Name of the connection. This attribute is immutable when updating it example: pgdemo type: string redact_enabled: description: >- When this option is enabled it will allow managing the redact types through the attribute `redact_types` type: boolean redact_types: description: >- Redact Types is a list of info types that will used to redact the output of the connection. Possible values are described in the DLP documentation: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference example: - EMAIL_ADDRESS items: type: string type: array resource_name: description: >- Resource to which this connection belongs to, it'll be created if it doesn't exist example: pgdemo type: string reviewers: description: >- Reviewers is a list of groups that will review the connection before the user could execute it example: - dba-group items: type: string type: array secret: additionalProperties: {} description: >- Secrets are environment variables that are going to be exposed in the runtime of the connection: * { envvar:[env-key]: [base64-val] } - Expose the value as environment variable * { filesystem:[env-key]: [base64-val] } - Expose the value as a temporary file path creating the value in the filesystem The value could also represent an integration with a external provider: * { envvar:[env-key]: _aws:[secret-name]:[secret-key] } - Obtain the value dynamically in the AWS secrets manager and expose as environment variable * { envvar:[env-key]: _envjson:[json-env-name]:[json-env-key] } - Obtain the value dynamically from a JSON env in the agent runtime. Example: MYENV={"KEY": "val"} type: object status: description: >- Status is a read only field that informs if the connection is available for interaction * online - The agent is connected and alive * offline - The agent is not connected enum: - online - offline readOnly: true type: string subtype: description: |- Sub Type is the underline implementation of the connection: * postgres - Implements Postgres protocol * mysql - Implements MySQL protocol * mongodb - Implements MongoDB Wire Protocol * mssql - Implements Microsoft SQL Server Protocol * oracledb - Implements Oracle Database Protocol * tcp - Forwards a TCP connection * ssh - Forwards a SSH connection * httpproxy - Forwards a HTTP connection * dynamodb - AWS DynamoDB experimental integration * cloudwatch - AWS CloudWatch experimental integration example: postgres type: string tags: description: 'DEPRECATED: Tags to classify the connection' example: - prod items: type: string type: array type: description: |- Type represents the main type of the connection: * database - Database protocols * application - Custom applications * custom - Shell applications enum: - database - application - custom example: database type: string required: - access_mode_connect - access_mode_exec - access_mode_runbooks - access_schema - agent_id - name - type type: object openapi.HTTPError: properties: message: example: the error description type: string type: object ````