Application Credentials

Specifies credentials and scheme for the application's signOnMode

Application Key Credential

The application Key Credential object defines a JSON Web Key for a signature or encryption credential for an application.

Notes:

  • To update the app, you can provide just the Signing Credential object instead of the entire Application Credential object.
  • Currently only the X.509 JWK format is supported for applications with the SAML_2_0 sign-on mode.

List all Certificate Signing Requests
OAuth 2.0: okta.apps.read

Lists all Certificate Signing Requests for an application

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ

Responses:
  • 200: Success
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

GET /api/v1/apps/{appId}/credentials/csrs

Response sample (application/json):
[
  {
    "created": "2019-08-24T14:15:22Z",
    "csr": "string",
    "id": "string",
    "kty": "string"
  }
]

Generate a Certificate Signing Request
OAuth 2.0: okta.apps.manage

Generates a new key pair and returns the Certificate Signing Request for it

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ

Request Body schema: application/json (required)
  • subject: object (CsrMetadataSubject)
    • commonName: string
    • countryName: string
    • localityName: string
    • organizationalUnitName: string
    • organizationName: string
    • stateOrProvinceName: string
  • subjectAltNames: object (CsrMetadataSubjectAltNames)
    • dnsNames: Array of strings

Responses:
  • 201: Created
  • 400: Bad Request
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

POST /api/v1/apps/{appId}/credentials/csrs

Request sample (application/json):
{
  "subject": {
    "commonName": "string",
    "countryName": "string",
    "localityName": "string",
    "organizationalUnitName": "string",
    "organizationName": "string",
    "stateOrProvinceName": "string"
  },
  "subjectAltNames": {
    "dnsNames": []
  }
}

Response sample (application/json):
{
  "created": "2019-08-24T14:15:22Z",
  "csr": "string",
  "id": "string",
  "kty": "string"
}

Retrieve a Certificate Signing Request
OAuth 2.0: okta.apps.read

Retrieves a certificate signing request for the app by id

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ
  • csrId (string, required): ID of the CSR. Example: fd7x1h7uTcZFx22rU1f7

Responses:
  • 200: Success
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

GET /api/v1/apps/{appId}/credentials/csrs/{csrId}

Response sample (application/json):
{
  "created": "2019-08-24T14:15:22Z",
  "csr": "string",
  "id": "string",
  "kty": "string"
}

Revoke a Certificate Signing Request
OAuth 2.0: okta.apps.manage

Revokes a certificate signing request and deletes the key pair from the application

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ
  • csrId (string, required): ID of the CSR. Example: fd7x1h7uTcZFx22rU1f7

Responses:
  • 204: No Content
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

DELETE /api/v1/apps/{appId}/credentials/csrs/{csrId}

Response sample (application/json):
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}

Publish a Certificate Signing Request
OAuth 2.0: okta.apps.manage

Publishes a certificate signing request for the app with a signed X.509 certificate and adds it into the application key credentials

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ
  • csrId (string, required): ID of the CSR. Example: fd7x1h7uTcZFx22rU1f7

Request Body schema:
  • required, string <binary>

Responses:
  • 201: Created
  • 400: Bad Request
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

POST /api/v1/apps/{appId}/credentials/csrs/{csrId}/lifecycle/publish

Response sample (application/json):
{
  "alg": "string",
  "created": "2019-08-24T14:15:22Z",
  "e": "string",
  "expiresAt": "2019-08-24T14:15:22Z",
  "key_ops": [
    "string"
  ],
  "kid": "string",
  "kty": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "n": "string",
  "status": "string",
  "use": "string",
  "x5c": [
    "string"
  ],
  "x5t": "string",
  "x5t#S256": "string",
  "x5u": "string",
  "_links": {
    "self": {}
  }
}

List all Key Credentials
OAuth 2.0: okta.apps.read

Lists all key credentials for an application

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ

Responses:
  • 200: Success
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

GET /api/v1/apps/{appId}/credentials/keys

Response sample (application/json):
[
  {
    "alg": "string",
    "created": "2019-08-24T14:15:22Z",
    "e": "string",
    "expiresAt": "2019-08-24T14:15:22Z",
    "key_ops": [],
    "kid": "string",
    "kty": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "n": "string",
    "status": "string",
    "use": "string",
    "x5c": [],
    "x5t": "string",
    "x5t#S256": "string",
    "x5u": "string",
    "_links": {}
  }
]
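
A defensive check a client can run over the key credential list above, added here as an example and not part of the API reference itself: it recomputes `x5t#S256` from `x5c[0]` (per RFC 7517, the unpadded base64url SHA-256 of the DER certificate) and flags keys that are expired or close to `expiresAt`. The function name, the 30-day threshold and the sample records are assumptions made for the illustration.

```python
import base64
import hashlib
from datetime import datetime, timedelta, timezone


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding JWK uses for x5t#S256 (RFC 7517)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def audit_key_credentials(keys, now, warn_days=30):
    """Return (kid, finding) pairs for a parsed key credential list (hypothetical helper)."""
    findings = []
    for key in keys:
        kid = key.get("kid", "<no kid>")
        chain = key.get("x5c") or []
        if not chain:
            findings.append((kid, "no x5c certificate"))
        else:
            # x5c[0] is the leaf certificate: standard base64 over DER bytes.
            der = base64.b64decode(chain[0], validate=True)
            claimed = (key.get("x5t#S256") or "").rstrip("=")
            if b64url(hashlib.sha256(der).digest()) != claimed:
                findings.append((kid, "x5t#S256 does not match x5c[0]"))
        expires = datetime.fromisoformat(key["expiresAt"].replace("Z", "+00:00"))
        if expires <= now:
            findings.append((kid, "expired"))
        elif expires - now <= timedelta(days=warn_days):
            findings.append((kid, "expires within %d days" % warn_days))
    return findings


# Constructed sample data: the "certificates" are placeholder bytes, not real
# X.509 DER, which is enough to exercise the thumbprint comparison.
_DER_A = b"constructed-placeholder-certificate-A"
_DER_B = b"constructed-placeholder-certificate-B"
SAMPLE_KEYS = [
    {"kid": "key-ok", "expiresAt": "2031-01-01T00:00:00Z",
     "x5c": [base64.b64encode(_DER_A).decode()],
     "x5t#S256": b64url(hashlib.sha256(_DER_A).digest())},
    {"kid": "key-mismatch", "expiresAt": "2029-01-15T00:00:00Z",
     "x5c": [base64.b64encode(_DER_B).decode()],
     "x5t#S256": b64url(hashlib.sha256(_DER_A).digest())},
    {"kid": "key-expired", "expiresAt": "2019-08-24T14:15:22Z",
     "x5c": [], "x5t#S256": ""},
]
SAMPLE_NOW = datetime(2029, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample

if __name__ == "__main__":
    for kid, finding in audit_key_credentials(SAMPLE_KEYS, SAMPLE_NOW):
        print(kid, "->", finding)
```
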

Generate a Key Credential
OAuth 2.0: okta.apps.manage

Generates a new X.509 certificate for an application key credential

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ

Query parameters:
  • validityYears (integer)

Responses:
  • 201: Created
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

POST /api/v1/apps/{appId}/credentials/keys/generate

Response sample (application/json):
{
  "alg": "string",
  "created": "2019-08-24T14:15:22Z",
  "e": "string",
  "expiresAt": "2019-08-24T14:15:22Z",
  "key_ops": [
    "string"
  ],
  "kid": "string",
  "kty": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "n": "string",
  "status": "string",
  "use": "string",
  "x5c": [
    "string"
  ],
  "x5t": "string",
  "x5t#S256": "string",
  "x5u": "string",
  "_links": {
    "self": {}
  }
}

Retrieve a Key Credential
OAuth 2.0: okta.apps.read

Retrieves a specific application key credential by kid

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ
  • keyId (string, required): ID of the Key Credential for the application. Example: sjP9eiETijYz110VkhHN

Responses:
  • 200: Success
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

GET /api/v1/apps/{appId}/credentials/keys/{keyId}

Response sample (application/json):
{
  "alg": "string",
  "created": "2019-08-24T14:15:22Z",
  "e": "string",
  "expiresAt": "2019-08-24T14:15:22Z",
  "key_ops": [
    "string"
  ],
  "kid": "string",
  "kty": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "n": "string",
  "status": "string",
  "use": "string",
  "x5c": [
    "string"
  ],
  "x5t": "string",
  "x5t#S256": "string",
  "x5u": "string",
  "_links": {
    "self": {}
  }
}

Clone a Key Credential
OAuth 2.0: okta.apps.manage

Clones an X.509 certificate for an application key credential from a source application to a target application.

Request

Path parameters:
  • appId (string, required): Application ID. Example: 0oafxqCAJWWGELFTYASJ
  • keyId (string, required): ID of the Key Credential for the application. Example: sjP9eiETijYz110VkhHN

Query parameters:
  • targetAid (string, required): Unique key of the target Application

Responses:
  • 201: Created
  • 403: Forbidden
  • 404: Not Found
  • 429: Too Many Requests

POST /api/v1/apps/{appId}/credentials/keys/{keyId}/clone

Response sample (application/json):
{
  "alg": "string",
  "created": "2019-08-24T14:15:22Z",
  "e": "string",
  "expiresAt": "2019-08-24T14:15:22Z",
  "key_ops": [
    "string"
  ],
  "kid": "string",
  "kty": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "n": "string",
  "status": "string",
  "use": "string",
  "x5c": [
    "string"
  ],
  "x5t": "string",
  "x5t#S256": "string",
  "x5u": "string",
  "_links": {
    "self": {}
  }
}