ZITADEL Docs
APIsCore ResourcesV2Action

DeactivatePublicKey

Deactivate Public Key

Deactivates the public key for payload encryption. The public key will no longer be used to encrypt payloads sent to the target. Be aware that deactivating the active key will leave the target without an active key. Subsequent calls to the target with payload type PAYLOAD_TYPE_JWE will fail until a new key is activated. This endpoint can be used in break glass scenarios to quickly disable a compromised key. Deactivating a key that is already inactive is a no-op.

Required permission:

  • action.target.write
POST
/v2/actions/targets/{target_id}/publickeys/{key_id}/deactivate

Path Parameters

target_id*string

TargetID is the unique identifier of the target to deactivate the public key for.

key_id*string

KeyID is the unique identifier of the public key to deactivate.

Response Body

application/json

application/json

curl -X POST "https://loading/v2/actions/targets/string/publickeys/string/deactivate"
{
  "changeDate": "1s"
}
{
  "code": "not_found",
  "message": "string",
  "detail": {
    "type": "string",
    "value": "string",
    "debug": {}
  }
}

Was this page helpful?

CreateTarget

Previous Page

DeleteTarget

Next Page