> ## Documentation Index
> Fetch the complete documentation index at: https://docs.atollhq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Update KPI HTTP sync draft

> Human-admin-only. Updates a sync config and returns it to draft status, requiring validation, secrets, and dry-run again before publish or snapshot writes.



## OpenAPI

````yaml /openapi.json patch /api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}
openapi: 3.1.0
info:
  title: Atoll API
  version: 1.0.0
  description: >-
    REST API for Atoll project management, agent collaboration, strategy
    tracking, and integrations.
servers:
  - url: https://atollhq.com
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Organizations
  - name: Projects
  - name: Project access
  - name: Issues
  - name: Issue details
  - name: Milestones
  - name: Strategy
  - name: Members and agents
  - name: Planning
  - name: Integrations and billing
  - name: Notifications and public
paths:
  /api/orgs/{id}/kpis/{kpiId}/http-syncs/{syncId}:
    patch:
      tags:
        - Strategy
      summary: Update KPI HTTP sync draft
      description: >-
        Human-admin-only. Updates a sync config and returns it to draft status,
        requiring validation, secrets, and dry-run again before publish or
        snapshot writes.
      operationId: patch_api_orgs_id_kpis_kpiId_http_syncs_syncId
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
          description: id identifier
        - name: kpiId
          in: path
          required: true
          schema:
            type: string
          description: kpiId identifier
        - name: syncId
          in: path
          required: true
          schema:
            type: string
          description: syncId identifier
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KpiHttpSyncDraftInput'
        description: Human-admin-only KPI HTTP sync draft updates.
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                additionalProperties: false
                properties:
                  sync:
                    $ref: '#/components/schemas/KpiHttpSync'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/ServerError'
      security:
        - bearerAuth: []
components:
  schemas:
    KpiHttpSyncDraftInput:
      type: object
      additionalProperties: false
      required:
        - name
        - schedule
        - request_config
        - extraction_config
      properties:
        name:
          type: string
        schedule:
          type: string
          enum:
            - hourly
            - daily
        request_config:
          $ref: '#/components/schemas/KpiHttpSyncRequestConfig'
        extraction_config:
          $ref: '#/components/schemas/KpiHttpSyncExtractionConfig'
        freshness_config:
          type: object
          additionalProperties: false
      description: >-
        GET/HTTPS/JSON-only sync draft. Destination host must already be exactly
        allowlisted. Do not include secret values, query strings, request
        bodies, redirects, or raw third-party payloads.
    KpiHttpSync:
      type: object
      additionalProperties: true
      properties:
        id:
          type: string
        status:
          type: string
          enum:
            - draft
            - published
            - disabled
        schedule:
          type: string
          enum:
            - hourly
            - daily
        config_hash:
          type: string
        config_version:
          type: integer
    KpiHttpSyncRequestConfig:
      type: object
      additionalProperties: false
      required:
        - method
        - url
      properties:
        method:
          type: string
          enum:
            - GET
        url:
          type: string
          format: uri
          description: >-
            HTTPS URL on an already exact-host-allowlisted destination. No
            credentials, fragments, query strings, redirects, or non-443 ports
            in v1.
        headers:
          type: object
          additionalProperties: false
          properties:
            Accept:
              type: string
              enum:
                - application/json
            Authorization:
              $ref: '#/components/schemas/KpiHttpSyncAuthorizationSecretRef'
            X-API-Key:
              $ref: '#/components/schemas/KpiHttpSyncApiKeySecretRef'
        jsonBody:
          type: 'null'
          description: Request bodies are disabled in v1.
    KpiHttpSyncExtractionConfig:
      type: object
      additionalProperties: false
      required:
        - contentType
        - pointer
      properties:
        contentType:
          type: string
          enum:
            - json
        pointer:
          type: string
          description: JSON Pointer to exactly one finite numeric value.
        numeric:
          type: object
          additionalProperties: false
          properties:
            mode:
              type: string
              enum:
                - number
            percentageScale:
              oneOf:
                - type: number
                  enum:
                    - 1
                    - 100
                - type: 'null'
    Error:
      type: object
      properties:
        error:
          type: string
        code:
          type: string
      required:
        - error
      additionalProperties: true
    KpiHttpSyncAuthorizationSecretRef:
      type: object
      additionalProperties: false
      required:
        - secretRef
        - format
      properties:
        secretRef:
          type: string
          pattern: ^[a-z][a-z0-9_]{2,39}$
          description: Placeholder name only. Store the secret value in Atoll UI.
        format:
          type: string
          enum:
            - Bearer {value}
      description: >-
        Authorization header secret placeholder. The actual bearer token is
        entered by a human admin in Atoll.
    KpiHttpSyncApiKeySecretRef:
      type: object
      additionalProperties: false
      required:
        - secretRef
        - format
      properties:
        secretRef:
          type: string
          pattern: ^[a-z][a-z0-9_]{2,39}$
          description: Placeholder name only. Store the secret value in Atoll UI.
        format:
          type: string
          enum:
            - '{value}'
      description: >-
        X-API-Key header secret placeholder. The actual API key is entered by a
        human admin in Atoll.
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing or invalid authentication
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Authenticated but not allowed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found or not visible
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: sk_atoll_<key>

````