Update card template
Updates an existing card template. Submitting template_objects replaces
the entire objects array.
Three special update modes are recognised:
- Soft-delete: PATCH deleted_at to a non-null timestamp to
soft-delete (or null to restore). The server records deleted_by_id
from the authenticated user. Soft-delete is permitted for any admin
in the account, regardless of editable_by or owner_id.
- Owner transfer: PATCH owner_id to reassign ownership. Permitted
for the current owner or any admin in the account. The new value must
be the ID of an admin in the same account.
- Content edits (any other writable field): respect the existing
editable_by rule; if editable_by is owner_only, only the
current owner may edit.
/api/3/card_templates/{id}
Authentication
This endpoint requires authentication:
Use an OAuth 2.0 access token in the Authorization header. This is the recommended authentication method for all integrations. OAuth provides automatic token expiration, granular permission scopes, detailed usage tracking, and per-integration revocation. Learn how to obtain an access token.
Header Format:
Authorization: Bearer YOUR_ACCESS_TOKEN
Required Scopes:
private.account.card_template
Parameters
Path Parameters
id
integer
Card template ID
Request Body
card_template
object
Show child attributes
uuid
string
Client-generated UUID (required for creation)
name
string
Template display name (required for creation)
template_type_id
integer
ID of the template type. Prefer template_type_code for portability across environments
template_type_code
string
eg. ISO_CARD_STANDARD
Code of the template type (e.g. ISO_CARD_STANDARD). Resolved server-side; takes precedence over template_type_id if both are given
card_type
string
double_sided
boolean
orientation_front
string
orientation_back
string
default_template
boolean
template_objects
array
Free-form JSONB objects representing layout elements. Replaces the entire array on update
editable_by
string
Who can edit this template
owner_id
integer
Reassign ownership. Allowed for the current owner or any admin in the account. The new owner must be an admin in the same account. Ignored on create (owner is set server-side from the authenticated user).
deleted_at
string
Soft-delete timestamp. PATCH only. Setting a non-null value soft-deletes the template; setting null restores it. The deleted_by_id field is set server-side. For permanent deletion, use DELETE /card_templates/{id}.
change_request_id
string
Idempotency key for this change request
Example
{
"card_template": {
"uuid": "string",
"name": "string",
"template_type_id": 0,
"template_type_code": "ISO_CARD_STANDARD",
"card_type": "string",
"double_sided": false,
"orientation_front": "string",
"orientation_back": "string",
"default_template": false,
"template_objects": [
{}
],
"editable_by": "string",
"owner_id": 0,
"deleted_at": "string",
"change_request_id": "string"
}
}Responses
Card template updated successfully
Response Fields
id
integer
required
Server-assigned identifier
eg. 42
uuid
string
required
Client-generated UUID (RFC 4122)
eg. 550E8400-E29B-41D4-A716-446655440000
name
string
required
Template display name, unique per account
eg. Staff Card
template_type_code
string
required
References a template type code
eg. ISO_CARD
card_type
string
Card finish/format
eg. standard
double_sided
boolean
Whether the card has a reverse side
eg. true
orientation_front
string
P = Portrait, L = Landscape
eg. P
orientation_back
string
P = Portrait, L = Landscape
eg. L
default_template
boolean
Whether this is the account default template
background_image_front_url
string | null
URL to the front background image, or null if not set
background_image_back_url
string | null
URL to the back background image, or null if not set
template_objects
array<object>
Free-form JSONB objects representing layout elements on this template
owner_id
integer | null
ID of the user who owns this template, or null if unowned. Set server-side on create. May be reassigned via PATCH by the current owner or by any admin in the account; the new value must be the ID of an admin in the same account.
editable_by
string
Who can edit this template
deleted_at
string | null
Soft-delete timestamp. Null for live templates. Writable via PATCH: sending a non-null value soft-deletes the template; sending null restores it. Soft-deleted templates are excluded from index by default (see include_deleted).
deleted_by_id
integer | null
ID of the user who soft-deleted this template, set server-side from the authenticated user when deleted_at is written. Cleared when deleted_at is cleared.
linked_files
array<object>
Files linked to this template (images, fonts, etc.)
created_at
string
ISO 8601 UTC timestamp.
updated_at
string
ISO 8601 UTC timestamp.
Unauthorized - Invalid or missing authentication
Response Fields
error
string
eg. unauthorized
error_description
string
eg. The access token is invalid
Forbidden - User does not have permission
Response Fields
error
string
eg. forbidden
error_description
string
eg. You are not authorized to access this resource
Not Found - Resource does not exist or is not an admission request event
Response Fields
error
string
eg. not_found
error_description
string
eg. The requested resource was not found
Unprocessable Entity - Validation failed
Response Fields
error
string
Error message
errors
object
Field-specific validation errors
Show child attributes
value
array
eg. ["value is already in use on your account", "must be between 4 and 7 digits in length"]
Validation errors for the credential value
credential_type_id
array
eg. ["Not found for this account"]
Validation errors for the credential type
limit_reached
string
eg. You have reached your HID Mobile licence limit. Please contact DoorFlow Support.
License limit error message
Internal Server Error
Response Fields
error
string
eg. internal_server_error
error_description
string
eg. An unexpected error occurred