ZITADEL Docs
APIsCore ResourcesV2Web Key

Activate Web Key

Switch the active signing web key. The previously active key will be deactivated. Note that the JWKs OIDC endpoint returns a cacheable response. Therefore it is not advised to activate a key that has been created within the cache duration (default is 5min), as the public key may not have been propagated to caches and clients yet.

Required permission:

  • iam.web_key.write
POST
/zitadel.webkey.v2.WebKeyService/ActivateWebKey

Header Parameters

Connect-Protocol-Version*number

Define the version of the Connect protocol

Value in1
Connect-Timeout-Ms?number

Define the timeout, in ms

Request Body

application/json

id*string

The unique identifier of the key to activate.

[key: string]?never

Response Body

application/json

application/json

curl -X POST "https://loading/zitadel.webkey.v2.WebKeyService/ActivateWebKey" \  -H "Connect-Protocol-Version: 1" \  -H "Content-Type: application/json" \  -d '{    "id": "string"  }'
{
  "changeDate": "2023-01-15T01:30:15.01Z"
}
{
  "code": "not_found",
  "message": "string",
  "details": [
    {
      "type": "string",
      "value": "string",
      "debug": {}
    }
  ]
}

Was this page helpful?

Webkey API

Explore the Webkey API operation in the ZITADEL API. Learn about request parameters, response schemas, and integration details for this endpoint.

Create Web Key

Create Web Key: Generate a private and public key pair. The private key can be used to sign OIDC tokens after activation. The public key can be used to validate OIDC tokens. The newly created key will have the sta...