`PATCH /api/apps/{id}/deployment` -- update deployment config.
const url = 'https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deployment';const options = { method: 'PATCH', headers: {'Content-Type': 'application/json'}, body: '{"access_mode":"example","access_password":"example","error_page_config":"example","route_path":"example","version":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PATCH \ --url https://example.com/api/apps/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/deployment \ --header 'Content-Type: application/json' \ --data '{ "access_mode": "example", "access_password": "example", "error_page_config": "example", "route_path": "example", "version": "example" }'Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Request Bodyrequired
Section titled “Request Bodyrequired”object
Change who may reach the App (org | public | password). Omitted ⇒
access policy unchanged. password requires access_password.
Examplegenerated
{ "access_mode": "example", "access_password": "example", "error_page_config": "example", "route_path": "example", "version": "example"}Responses
Section titled “Responses”One deployment of an App within a workspace. The status column drives
the lifecycle: draft -> deployed -> paused / undeployed. Only
deployed status makes the route publicly accessible.
object
Who may reach the deployed App: org (DEFAULT — an authenticated member of
the deployment’s workspace), public (anyone, an explicit opt-in), or
password (a shared password gate). Enforced at the serve path. The
password itself is stored only as an argon2 hash and is never part of this
model or any API response (read only by the serve-time verify).
The build artifact this deployment serves (ADR 0030 W3-4 pointer swap).
None for a plain App with no build; Some for a react/svelte App or
after a rollback re-points to a prior build. Read by the public-route
serving path (ADR 0041) to locate the dist/ artifact to serve.
Opaque per-deployment subdomain for separate-origin App hosting
(supacloud#410 / ADR 0041). When set + the instance has an
apps_base_domain, the App is served at <subdomain>.<apps_base_domain>.
None ⇒ path-based /a/{ws}/{route} serving.
Examplegenerated
{ "access_mode": "example", "app_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "build_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "created_at": "2026-04-15T12:00:00Z", "deployed_at": "2026-04-15T12:00:00Z", "deployed_by": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "error_page_config": "example", "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "route_path": "example", "status": "example", "subdomain": "example", "undeployed_at": "2026-04-15T12:00:00Z", "updated_at": "2026-04-15T12:00:00Z", "version": "example", "workspace_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"}