Associates a different key pair with an existing client-side encryption identity. The updated key pair must validate against Google's S/MIME certificate profiles.
For administrators managing identities and keypairs for users in their organization, requests require authorization with a service account that has domain-wide delegation authority to impersonate users with the https://www.googleapis.com/auth/gmail.settings.basic scope.
For users managing their own identities and keypairs, requests require hardware key encryption turned on and configured.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-12 UTC."],[],[],null,["# Method: users.settings.cse.identities.patch\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nAssociates a different key pair with an existing client-side encryption identity. The updated key pair must validate against Google's [S/MIME certificate profiles](https://support.google.com/a/answer/7300887).\n\nFor administrators managing identities and keypairs for users in their organization, requests require authorization with a [service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount) that has [domain-wide delegation authority](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority) to impersonate users with the `https://www.googleapis.com/auth/gmail.settings.basic` scope.\n\nFor users managing their own identities and keypairs, requests require [hardware key encryption](https://support.google.com/a/answer/14153163) turned on and configured.\n\n### HTTP request\n\n`PATCH https://gmail.googleapis.com/gmail/v1/users/{userId}/settings/cse/identities/{emailAddress}`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n| Parameters ||\n|----------------|-------------------------------------------------------------------------------------------------------------------------|\n| `userId` | `string` The requester's primary email address. To indicate the authenticated user, you can use the special value `me`. |\n| `emailAddress` | `string` The email address of the client-side encryption identity to update. |\n\n### Request body\n\nThe request body contains an instance of [CseIdentity](/workspace/gmail/api/reference/rest/v1/users.settings.cse.identities#CseIdentity).\n\n### Response body\n\nIf successful, the response body contains an instance of [CseIdentity](/workspace/gmail/api/reference/rest/v1/users.settings.cse.identities#CseIdentity).\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/gmail.settings.basic`\n- `\n https://www.googleapis.com/auth/gmail.settings.sharing`\n\nFor more information, see the [Authorization guide](/workspace/guides/configure-oauth-consent)."]]