diff --git a/apiserver/apimodels/auth.py b/apiserver/apimodels/auth.py
index 2796bc0..9cf394c 100644
--- a/apiserver/apimodels/auth.py
+++ b/apiserver/apimodels/auth.py
@@ -96,6 +96,11 @@ class GetCredentialsResponse(Base):
     credentials = ListField(CredentialsResponse)
 
 
+class EditCredentialsRequest(Base):
+    access_key = StringField(required=True)
+    label = StringField()
+
+
 class RevokeCredentialsRequest(Base):
     access_key = StringField(required=True)
 
diff --git a/apiserver/schema/services/auth.conf b/apiserver/schema/services/auth.conf
index a821059..892c2e7 100644
--- a/apiserver/schema/services/auth.conf
+++ b/apiserver/schema/services/auth.conf
@@ -262,6 +262,38 @@ get_credentials {
     }
 }
 
+edit_credentials {
+    allow_roles = [ "*" ]
+    internal: false
+    "2.19" {
+        description: """Updates the label of the existing credentials for the authenticated user."""
+        request {
+            type: object
+            required: [ access_key ]
+            properties {
+                access_key {
+                    type: string
+                    description: Existing credentials key
+                }
+                label {
+                    type: string
+                    description: New credentials label
+                }
+            }
+        }
+        response {
+            type: object
+            properties {
+                updated {
+                    description: "Number of credentials updated"
+                    type: integer
+                    enum: [0, 1]
+                }
+            }
+        }
+    }
+}
+
 revoke_credentials {
     allow_roles = [ "*" ]
     internal: false
diff --git a/apiserver/services/auth.py b/apiserver/services/auth.py
index c374555..66580d3 100644
--- a/apiserver/services/auth.py
+++ b/apiserver/services/auth.py
@@ -14,6 +14,7 @@ from apiserver.apimodels.auth import (
     RevokeCredentialsRequest,
     EditUserReq,
     CreateCredentialsRequest,
+    EditCredentialsRequest,
 )
 from apiserver.apimodels.base import UpdateResponse
 from apiserver.bll.auth import AuthBLL
@@ -122,6 +123,28 @@ def create_credentials(call: APICall, _, request: CreateCredentialsRequest):
     call.result.data_model = CreateCredentialsResponse(credentials=credentials)
 
 
+@endpoint("auth.edit_credentials")
+def edit_credentials(call: APICall, company_id: str, request: EditCredentialsRequest):
+    identity = call.identity
+    access_key = request.access_key
+
+    company_values = [None, company_id]
+    updated = User.objects(
+        id=identity.user,
+        company=company_id,
+        credentials__match={"key": access_key, "company__in": company_values},
+    ).update_one(set__credentials__S__label=request.label)
+    if not updated:
+        raise errors.bad_request.InvalidAccessKey(
+            "invalid user or invalid access key",
+            user=identity.user,
+            access_key=access_key,
+            company=company_id,
+        )
+
+    call.result.data = {"updated": updated}
+
+
 @endpoint(
     "auth.revoke_credentials",
     request_data_model=RevokeCredentialsRequest,