Create Web Key
Generate a private and public key pair. The private key can be used to sign OIDC tokens after activation.
The public key can be used to validate OIDC tokens.
The newly created key will have the state STATE_INITIAL and is published to the public key endpoint.
Note that the JWKs OIDC endpoint returns a cacheable response.
If no key type is provided, an RSA key pair with 2048 bits and SHA256 hashing will be created.
Required permission:
iam.web_key.write
Header Parameters
Define the version of the Connect protocol: 1
Define the timeout, in ms
Request Body
application/json
Create an ECDSA key pair and specify the curve. If no curve is provided, an ECDSA key pair with P-256 curve will be created.
Response Body
application/json
curl -X POST "https://loading/zitadel.webkey.v2.WebKeyService/CreateWebKey" \
  -H "Connect-Protocol-Version: 1" \
  -H "Content-Type: application/json" \
  -d '{ "ecdsa": {} }'

{
  "id": "string",
  "creationDate": "2023-01-15T01:30:15.01Z"
}

{
  "code": "not_found",
  "message": "string",
  "details": [
    {
      "type": "string",
      "value": "string",
      "debug": {}
    }
  ]
}
Activate Web Key: Switch the active signing web key. The previously active key will be deactivated. Note that the JWKs OIDC endpoint returns a cacheable response. Therefore it is not advised to activate a key that h...
Delete Web Key: Delete a web key pair. Only inactive keys can be deleted. Once a key is deleted, any tokens signed by this key will be invalid. Note that the JWKs OIDC endpoint returns a cacheable response. In cas...
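
The notes above say that a new key is published in STATE_INITIAL and that the JWKs endpoint is cacheable. The following added example (not part of the ZITADEL documentation or code base) models a relying party that honours the cache lifetime, to show why a key should stay published for one full cache lifetime before it is activated. The `JwksCache` class, the key ids and the 300 second max-age are constructed assumptions; read the real value from the Cache-Control header of your own instance.

```python
from dataclasses import dataclass, field

# Assumption: cache lifetime (seconds) served with the JWKS response.
JWKS_MAX_AGE_S = 300


@dataclass
class JwksCache:
    """Hypothetical relying-party cache that honours the JWKS max-age.

    It does NOT refetch on an unknown key id, which is the worst case
    a key rotation has to tolerate.
    """
    max_age_s: int
    fetched_at: float = float("-inf")
    kids: set = field(default_factory=set)

    def lookup(self, kid, now, published):
        # Refetch the published key set only once the cached copy expired.
        if now - self.fetched_at >= self.max_age_s:
            self.kids, self.fetched_at = set(published), now
        return kid in self.kids


def earliest_safe_activation(created_at, max_age_s=JWKS_MAX_AGE_S):
    """Time at which every cache filled before key creation has expired."""
    return created_at + max_age_s


def token_validates(activate_at, created_at=1000.0, last_fetch=999.0):
    """True if a token signed right after activation can be verified."""
    cache = JwksCache(JWKS_MAX_AGE_S)
    # The relying party cached the key set just before the new key existed.
    cache.lookup("key-old", last_fetch, {"key-old"})
    # After creation the new key is published although it is not active yet.
    published = {"key-old", "key-new"}
    # A token issued at activation time carries the new key's id.
    return cache.lookup("key-new", activate_at, published)


if __name__ == "__main__":
    early = 1010.0                            # 10 s after creation
    safe = earliest_safe_activation(1000.0)   # one cache lifetime later
    print("activate early:", token_validates(early))
    print("activate after max-age:", token_validates(safe))
```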