> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.qonversion.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Project Settings

> Project-level configuration, secret, and store credentials

The **Project Settings API** manages the project's top-level configuration: general settings, the project Secret Key, and per-platform store credentials (App Store shared secret / Connect API keys, Play Store service account key).

## Key concepts

* **General settings** — Project display name and optional proxy URLs (`proxy_url` for SDK traffic, `rtdn_proxy_url` for Play Store RTDN callbacks).
* **Secret rotation** — `POST /v4/project-settings/regenerate-secret` rotates the `sk_…` key. The old key is revoked; clients may see a short grace period (seconds) while internal caches expire.
* **Store config** — `GET` / `POST /v4/project-settings/stores/{platform}` where `platform` is `apple` or `google`. Stripe store config is not exposed via this API. Apple requires the App Store Connect API triplet (`connect_key_identifier` + `connect_private_key` + `connect_issuer_id`) to be sent together; same for the In-App Purchase API triplet (`iap_key_identifier` + `iap_private_key` + `iap_issuer_id`). Submitting only 1–2 of a triplet returns 422.

## Available endpoints

| Method | Endpoint                              | Description                                      | Status |
| ------ | ------------------------------------- | ------------------------------------------------ | ------ |
| GET    | `/project-settings`                   | Get project settings                             | New    |
| PATCH  | `/project-settings`                   | Update project settings                          | New    |
| POST   | `/project-settings/regenerate-secret` | Regenerate project secret key                    | New    |
| GET    | `/project-settings/stores/{platform}` | Get store configuration (`apple` or `google`)    | New    |
| POST   | `/project-settings/stores/{platform}` | Update store configuration (`apple` or `google`) | New    |

## Sensitive fields

Secrets (Apple shared secret, Apple Connect/IAP private keys, Google service account key) are **never returned** in `GET` responses. Instead the response includes boolean flags — `has_shared_secret`, `has_connect_private_key`, `has_iap_private_key`, `has_service_account_key` — that tell you whether the value is set.

On `POST` (update), omitting a secret field preserves the existing value. To rotate a secret, send the new value explicitly.

## Authentication

All v4 endpoints require a **Secret Key**. Rotating the Secret Key and updating store credentials are privileged operations in the manifest sense, but the token type is the same as for reads. See [Authentication](/reference/v4/authentication).
