The Okta Key Management API provides a CRUD interface for JSON Web Keys (JWK) used with other parts of the application, such as inline hooks. For information on how to create inline hooks, see inline hooks.
Note: Some of the curl code examples on this page include SSWS API token authentication. However, Okta recommends using scoped OAuth 2.0 and OIDC access tokens to authenticate with Okta management APIs. OAuth 2.0 and OIDC access tokens provide fine-grain control over the bearer's actions on specific endpoints. See Okta API authentication methods.
Lists all keys
Success
Forbidden
Too Many Requests
[- {
- "id": "HKY1i2htmXF5UNQhL0g4",
- "keyId": "bb5bed7d-6e4d-488f-9c86-59b93a2bb3fb",
- "name": "My new key",
- "created": "2022-08-22T16:34:33.000Z",
- "lastUpdated": "2022-08-22T16:34:33.000Z",
- "isUsed": "true"
}, - {
- "id": "HKY1p7jWLndGQV9M60g4",
- "keyId": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "name": "Test key",
- "created": "2022-08-31T18:09:58.000Z",
- "lastUpdated": "2022-08-31T18:09:58.000Z",
- "isUsed": "false"
}
]Creates a key for use with other parts of the application, such as inline hooks
Note: Use the key name to access this key for inline hook operations.
The total number of keys that you can create in an Okta org is limited to 50.
The response is a Key object that represents the
key that you create. The id property in the response serves as the unique ID for the key, which you can specify when
invoking other CRUD operations. The keyId provided in the response is the alias of the public key that you can use to get
details of the public key data in a separate call.
Note: The keyId is the alias of the public key that you can use to retrieve the public key.
Success
Bad Request
Forbidden
Too Many Requests
{- "name": "string"
}{- "id": "HKY1p7jWLndGQV9M60g4",
- "keyId": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "name": "My new key",
- "created": "2022-08-31T18:09:58.000Z",
- "lastUpdated": "2022-08-31T18:09:58.000Z",
- "isUsed": "false",
- "_embedded": {
- "kty": "RSA",
- "alg": "RSA",
- "kid": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "use": "null",
- "e": "AQAB",
- "n": "2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`"
}
}Retrieves a public key by keyId
Note: keyId is the alias of the public key.
Success
Forbidden
Not Found
Too Many Requests
{- "_embedded": {
- "kty": "RSA",
- "alg": "RSA",
- "kid": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "use": null,
- "e": "AQAB",
- "n": "2naqCnv6r4xNQs7207lRtKQvdtnlVND-8k5iYBIiqoKGY3CqUmRm1jleoOniiQoMkFX8Wj2DmVqr002efF3vOQ7_gjtTatBTVUNbNIQLybun4dkVoUtfP7pRc5SLpcP3eGPRVar734ZrpQXzmCEdpqBt3jrVjwYjNE5DqOjbYXFJtMsy8CWE9LRJ3kyHEoHPzo22dG_vMrXH0_sAQoCk_4TgNCbvyzVmGVYXI_BkUnp0hv2pR4bQVRYzGB9dKJdctOh8zULqc_EJ8tiYsS05YnF7whrWEyARK0rH-e4d4W-OmBTga_zhY4kJ4NsoQ4PyvcatZkxjPO92QHQOFDnf3w`"
}
}Retrieves the public portion of the Key object using the id parameter
Note: The
?expand=publickeyquery parameter optionally returns the full object including the details of the public key in the response body's_embeddedproperty.
Success
Forbidden
Not Found
Too Many Requests
{- "id": "HKY1p7jWLndGQV9M60g4",
- "keyId": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "name": "My new key",
- "created": "2022-08-31T18:09:58.000Z",
- "lastUpdated": "2022-08-31T18:09:58.000Z",
- "isUsed": "false"
}Replaces a key by id
This request replaces existing properties after passing validation.
Note: The only parameter that you can update is the name of the key, which must be unique at all times.
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "name": "string"
}{- "id": "HKY1p7jWLndGQV9M60g4",
- "keyId": "7fbc27fd-e3df-4522-86bf-1930110256ad",
- "name": "My updated new key",
- "created": "2022-08-31T18:09:58.000Z",
- "lastUpdated": "2022-08-31T18:16:59.000Z",
- "isUsed": "false"
}Deletes a key by id. After being deleted, the key is unrecoverable.
As a safety precaution, only keys that aren't being used are eligible for deletion.
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}