> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tensorlake.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Sandbox

> Update proxy-visible sandbox settings such as public exposed ports and whether ingress can skip authentication checks.

Update public ingress settings for a sandbox.

This endpoint controls the sandbox proxy allowlist, including `exposed_ports` and `allow_unauthenticated_access`.


## OpenAPI

````yaml patch /sandboxes/{sandbox_id}
openapi: 3.1.0
info:
  title: Tensorlake API
  description: >-
    Tensorlake Cloud APIs for Sandboxes, Document Ingestion, and Serverless
    Workflows
  license:
    name: ''
  version: 0.1.0
servers:
  - url: https://api.tensorlake.ai/
security:
  - bearerAuth: []
tags:
  - name: Tensorlake Cloud API
    description: >-
      Tensorlake Cloud APIs for Sandboxes, Document Ingestion, and Serverless
      Workflows
paths:
  /sandboxes/{sandbox_id}:
    parameters:
      - name: sandbox_id
        in: path
        description: The ID of the sandbox.
        required: true
        schema:
          type: string
    patch:
      tags:
        - sandboxes
      summary: Update a sandbox
      description: >-
        Update proxy-visible sandbox settings such as public exposed ports and
        whether ingress can skip authentication checks.
      operationId: update_sandbox
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PatchSandboxRequest'
        required: true
      responses:
        '200':
          description: Sandbox updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SandboxInfo'
        '401':
          description: Unauthorized. Invalid or missing credentials
        '403':
          description: Forbidden. You do not have permission to access this resource
        '404':
          description: Sandbox not found
          content:
            text/plain: {}
        '409':
          description: Sandbox is terminated and cannot be updated
          content:
            text/plain: {}
        '422':
          description: Invalid properties in request body
          content:
            text/plain: {}
        '500':
          description: Internal server error
          content:
            text/plain: {}
components:
  schemas:
    PatchSandboxRequest:
      type: object
      properties:
        allow_unauthenticated_access:
          type: boolean
          description: Set or clear unauthenticated ingress routing for this sandbox.
        exposed_ports:
          type: array
          description: >-
            Replace the exposed port allowlist. Pass an empty array to clear it
            and revert to the default management port only.
          items:
            type: integer
            format: int32
            minimum: 1
            maximum: 65535
    SandboxInfo:
      type: object
      required:
        - id
        - namespace
        - status
        - created_at
        - resources
        - timeout_secs
        - allow_unauthenticated_access
      properties:
        id:
          type: string
        namespace:
          type: string
        image:
          type: string
        status:
          $ref: '#/components/schemas/SandboxStatus'
        pending_reason:
          type:
            - string
            - 'null'
          description: Present when `status` is `pending`.
        outcome:
          type:
            - string
            - 'null'
          description: >-
            Platform-specific termination outcome string returned for completed
            sandboxes.
        created_at:
          type: integer
          format: int64
          description: Milliseconds since Unix epoch.
        container_id:
          type:
            - string
            - 'null'
        executor_id:
          type:
            - string
            - 'null'
        resources:
          $ref: '#/components/schemas/ContainerResourcesInfo'
        timeout_secs:
          type: integer
          format: int64
        ingress_endpoint:
          type:
            - string
            - 'null'
          description: Canonical server-provided base for sandbox-specific ingress.
        sandbox_url:
          type:
            - string
            - 'null'
          description: Sandbox-specific management URL derived from `ingress_endpoint`.
        pool_id:
          type:
            - string
            - 'null'
        network_policy:
          oneOf:
            - type: 'null'
            - $ref: '#/components/schemas/SandboxNetworkAccessControl'
        allow_unauthenticated_access:
          type: boolean
          description: Whether sandbox ingress may route requests without auth validation.
        exposed_ports:
          type:
            - array
            - 'null'
          items:
            type: integer
            format: int32
            minimum: 1
            maximum: 65535
          description: >-
            Additional routable ingress ports. When `null`, only the management
            port `9501` is routable.
        template_id:
          type:
            - string
            - 'null'
        name:
          type:
            - string
            - 'null'
    SandboxStatus:
      type: string
      enum:
        - pending
        - running
        - snapshotting
        - suspending
        - suspended
        - terminated
    ContainerResourcesInfo:
      type: object
      required:
        - cpus
        - memory_mb
        - disk_mb
      properties:
        cpus:
          type: number
          format: double
          description: CPU allocation in cores.
        memory_mb:
          type: integer
          format: int64
          description: Memory allocation in MiB.
        disk_mb:
          type: integer
          format: int64
          description: Ephemeral root filesystem size in MiB.
    SandboxNetworkAccessControl:
      type: object
      properties:
        allow_internet_access:
          type: boolean
          default: true
          description: If false, all outbound internet access is blocked by default.
        allow_out:
          type: array
          description: Allowlisted destination IPs or CIDRs for outbound traffic.
          items:
            type: string
        deny_out:
          type: array
          description: Denylisted destination IPs or CIDRs for outbound traffic.
          items:
            type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````