Update Turnstile Config
POST
/web/v1/system/workspaces/{workspaceId}/institutions/{institutionBizId}/portals/turnstile/update WEBUpdates the Cloudflare Turnstile configuration for the specified institution.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | Client device fingerprint | |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
Request Parameters
Path Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
workspaceId | string | Required | path | Workspace business ID |
institutionBizId | string | Required | path | Institution business ID |
Request Body
InstitutionTurnstileUpdateRequest:
| Name | Type | Required | In | Description |
|---|---|---|---|---|
turnstileSiteKey | string | Required | body | Cloudflare Turnstile site key (max 255 characters) |
turnstileSecretKey | string | Required | body | Cloudflare Turnstile secret key (max 255 characters) |
remark | string | Optional | body | Configuration remark (max 255 characters) |
enabled | boolean | Optional | body | Whether to enable Turnstile (optional, preserves current state if omitted) |
Example request body:
Request Body 200
{
"turnstileSiteKey": "0x4AAAAAAABkMYinukE8nMDQ",
"turnstileSecretKey": "0x4AAAAAAABkMYsecretKeyValue",
"remark": "Production turnstile config",
"enabled": true
}Request Example
json
{
"turnstileSiteKey": "0x4AAAAAAAB...",
"turnstileSecretKey": "0x4AAAAAAAB...",
"remark": "Production config"
}Success Response
Success 200
{
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": {
"id": 1,
"institutionBizId": "INST_ACME_001",
"turnstileSiteKey": "0x4AAAAAAABkMYinukE8nMDQ",
"turnstileSecretKey": "****alue",
"enabled": true,
"remark": "Production turnstile config",
"createdAt": "2026-03-21T00:00:00Z",
"updatedAt": "2026-03-23T10:00:00Z"
}
}Error Responses
| Code | Description |
|---|---|
4000 | Validation error (missing required keys or exceeds max length) |
4010 | Unauthorized (invalid or missing JWT token) |
4040 | Institution not found |
Notes
- Both
turnstileSiteKeyandturnstileSecretKeyare required fields. - The secret key is masked in the response. Only the last 4 characters are visible (format:
****xxxx). - If no Turnstile configuration exists yet, this endpoint creates one.
- To toggle Turnstile on/off without changing keys, use Enable Turnstile / Disable Turnstile.