diff --git a/server/app/domains/model_provider/service/provider_service.py b/server/app/domains/model_provider/service/provider_service.py
index 599d3f728..d0592b510 100644
--- a/server/app/domains/model_provider/service/provider_service.py
+++ b/server/app/domains/model_provider/service/provider_service.py
@@ -65,8 +65,18 @@ def update(provider_id: int, user_id: int, data: dict) -> dict:
             ).first()
             if not model:
                 return {"success": False, "error_code": "PROVIDER_NOT_FOUND"}
-            # H10: only allow updating safe fields
-            _UPDATABLE_FIELDS = {"provider_name", "api_key", "api_base", "extra_config", "prefer", "is_vaild"}
+            # H10: only allow updating safe fields. Field names must match the
+            # `Provider` ORM model (and `ProviderIn` request schema) verbatim —
+            # `setattr(model, key, value)` silently no-ops on a missing field.
+            _UPDATABLE_FIELDS = {
+                "provider_name",
+                "api_key",
+                "model_type",
+                "endpoint_url",
+                "encrypted_config",
+                "prefer",
+                "is_vaild",
+            }
             for key, value in data.items():
                 if key in _UPDATABLE_FIELDS:
                     setattr(model, key, value)