> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aitasker.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Save Config

> Save a multi-field configuration for a team integration (e.g. Keystatic, WordPress).

Sensitive fields (``github_token`` for Keystatic, ``app_password`` /
``application_password`` for WordPress) per the
``_SENSITIVE_EXTRA_DATA_KEYS`` map are split out of ``body.config``
via ``team_integration_service.extract_sensitive_for_storage``,
encrypted with AES-256-GCM, and persisted on
``IntegrationCredential.access_token_encrypted``. The remaining
non-sensitive config writes to ``extra_data`` (REPLACE semantics —
POST is the create / full-rewrite path, distinct from PATCH's
shallow merge). See migration e8b3encsec01.

On row UPDATE, a blank sensitive value preserves the stored
encrypted secret (re-saving config without re-typing the token
is supported). On row CREATE without a sensitive value, the
encrypted column is left NULL; the verify_post_migration
invariant will flag the row if it's also ``status='connected'``.



## OpenAPI

````yaml /openapi.json post /api/v1/teams/{team_id}/integrations/{provider}/config
openapi: 3.1.0
info:
  title: AITasker
  version: 0.1.0
servers: []
security: []
paths:
  /api/v1/teams/{team_id}/integrations/{provider}/config:
    post:
      tags:
        - Team Integrations
      summary: Save Config
      description: >-
        Save a multi-field configuration for a team integration (e.g. Keystatic,
        WordPress).


        Sensitive fields (``github_token`` for Keystatic, ``app_password`` /

        ``application_password`` for WordPress) per the

        ``_SENSITIVE_EXTRA_DATA_KEYS`` map are split out of ``body.config``

        via ``team_integration_service.extract_sensitive_for_storage``,

        encrypted with AES-256-GCM, and persisted on

        ``IntegrationCredential.access_token_encrypted``. The remaining

        non-sensitive config writes to ``extra_data`` (REPLACE semantics —

        POST is the create / full-rewrite path, distinct from PATCH's

        shallow merge). See migration e8b3encsec01.


        On row UPDATE, a blank sensitive value preserves the stored

        encrypted secret (re-saving config without re-typing the token

        is supported). On row CREATE without a sensitive value, the

        encrypted column is left NULL; the verify_post_migration

        invariant will flag the row if it's also ``status='connected'``.
      operationId: save_config_api_v1_teams__team_id__integrations__provider__config_post
      parameters:
        - name: team_id
          in: path
          required: true
          schema:
            type: string
            format: uuid
            title: Team Id
        - name: provider
          in: path
          required: true
          schema:
            type: string
            title: Provider
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ConfigRequest'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CallbackResponse'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
      security:
        - HTTPBearer: []
components:
  schemas:
    ConfigRequest:
      properties:
        config:
          additionalProperties: true
          type: object
          title: Config
      type: object
      required:
        - config
      title: ConfigRequest
      description: |-
        Multi-field config payload.

        ``config`` accepts ``Any`` values (not just ``str``) so nested
        structures like Keystatic's ``content_paths`` — a ``{task_type:
        path}`` dict — can round-trip through the API and JSONB column
        without forcing the frontend to ``JSON.stringify`` them. The
        pre-2026-06-02 shape was ``dict[str, str]`` which (a) made the
        frontend serialise nested dicts to JSON strings and then (b) made
        the publish-leg resolver crash on those strings with
        ``AttributeError: 'str' object has no attribute 'get'`` — the
        CMT publish loop incident.

        The backend resolver (``KeystaticAdapter._resolve_content_path``)
        still defensively handles JSON-stringified shapes for back-compat
        with credentials saved before this widening (PR #1835). New saves
        go in as native dicts via this widened schema.
    CallbackResponse:
      properties:
        provider:
          type: string
          title: Provider
        status:
          type: string
          title: Status
        account_name:
          type: string
          title: Account Name
      type: object
      required:
        - provider
        - status
        - account_name
      title: CallbackResponse
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
  securitySchemes:
    HTTPBearer:
      type: http
      scheme: bearer

````