ZITADEL Docs

CreateWebKey

Create Web Key

Generate a private and public key pair. The private key can be used to sign OIDC tokens after activation. The public key can be used to validate OIDC tokens. The newly created key will have the state STATE_INITIAL and is published to the public key endpoint. Note that the JWKs OIDC endpoint returns a cacheable response.

If no key type is provided, an RSA key pair with 2048 bits and SHA256 hashing will be created.

Required permission:

  • iam.web_key.write
POST
/zitadel.webkey.v2.WebKeyService/CreateWebKey

Header Parameters

Connect-Protocol-Version (required, number)

Define the version of the Connect protocol

Value in: 1

Connect-Timeout-Ms (optional, number)

Define the timeout, in ms

Request Body

application/json

ecdsa (required)

Create an ECDSA key pair and specify the curve. If no curve is provided, an ECDSA key pair with P-256 curve will be created.

[key: string]?never

Response Body

application/json


curl -X POST "https://loading/zitadel.webkey.v2.WebKeyService/CreateWebKey" \
  -H "Connect-Protocol-Version: 1" \
  -H "Content-Type: application/json" \
  -d '{
    "ecdsa": {}
  }'
{
  "id": "string",
  "creationDate": "1s"
}
{
  "code": "not_found",
  "message": "string",
  "detail": {
    "type": "string",
    "value": "string",
    "debug": {}
  }
}
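Because the new key is published immediately but the JWKS response is cacheable, a relying party may keep serving an older key set for a while. The following added example (not ZITADEL code) checks that the created key is visible in the JWKS and computes when caches that honour `max-age` will have picked it up. It assumes the JWKS `kid` equals the `id` returned by CreateWebKey; the function names, key IDs and `max-age` value are constructed for illustration.

```python
# Added example, not ZITADEL code. All sample values are constructed.
import re
from datetime import datetime, timedelta, timezone

# Constructed CreateWebKey response, JWKS document and Cache-Control header.
CREATE_RESP = {"id": "example-key-2"}
JWKS = {"keys": [
    {"kid": "example-key-1", "kty": "RSA", "use": "sig"},
    {"kid": "example-key-2", "kty": "EC", "crv": "P-256", "use": "sig"},
]}
CACHE_CONTROL = "public, max-age=300"  # assumed value, not taken from ZITADEL


def max_age_seconds(cache_control: str) -> int:
    """Return max-age from a Cache-Control header, or 0 if nothing may be reused."""
    directives = [d.strip().lower() for d in cache_control.split(",")]
    if "no-store" in directives or "no-cache" in directives:
        return 0
    for directive in directives:
        match = re.fullmatch(r"max-age=(\d+)", directive)
        if match:
            return int(match.group(1))
    return 0


def earliest_safe_activation(create_resp: dict, jwks: dict,
                             cache_control: str, fetched_at: datetime) -> datetime:
    """Time by which every cache honouring max-age holds the new public key.

    Raises LookupError if the created key is not in the fetched JWKS.
    Assumption: the JWKS "kid" equals the "id" returned by CreateWebKey.
    """
    kid = create_resp["id"]
    if kid not in {key.get("kid") for key in jwks.get("keys", [])}:
        raise LookupError(f"key {kid} is not published in the JWKS yet")
    # A cache filled just before publication stays stale for max-age seconds.
    # The key was certainly visible at fetched_at, so count from there.
    return fetched_at + timedelta(seconds=max_age_seconds(cache_control))


if __name__ == "__main__":
    seen = datetime(2024, 1, 1, 12, 0, 5, tzinfo=timezone.utc)
    print(earliest_safe_activation(CREATE_RESP, JWKS, CACHE_CONTROL, seen))
```

Tokens signed by a key that verifiers have not yet fetched fail validation, so this delay is the window to respect between creating and activating a key.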
