Okta.Sdk.Api.IdentityProviderSigningKeysApi

October 22, 2025 ยท View on GitHub

All URIs are relative to https://subdomain.okta.com

MethodHTTP requestDescription
CloneIdentityProviderKeyPOST /api/v1/idps/{idpId}/credentials/keys/{kid}/cloneClone a signing key credential for IdP
GenerateCsrForIdentityProviderPOST /api/v1/idps/{idpId}/credentials/csrsGenerate a certificate signing request
GenerateIdentityProviderSigningKeyPOST /api/v1/idps/{idpId}/credentials/keys/generateGenerate a new signing key credential for IdP
GetCsrForIdentityProviderGET /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}Retrieve a certificate signing request
GetIdentityProviderSigningKeyGET /api/v1/idps/{idpId}/credentials/keys/{kid}Retrieve a signing key credential for IdP
ListActiveIdentityProviderSigningKeyGET /api/v1/idps/{idpId}/credentials/keys/activeList the active signing key credential for IdP
ListCsrsForIdentityProviderGET /api/v1/idps/{idpId}/credentials/csrsList all certificate signing requests
ListIdentityProviderSigningKeysGET /api/v1/idps/{idpId}/credentials/keysList all signing key credentials for IdP
PublishCsrForIdentityProviderPOST /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publishPublish a certificate signing request
RevokeCsrForIdentityProviderDELETE /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}Revoke a certificate signing request

CloneIdentityProviderKey

IdPKeyCredential CloneIdentityProviderKey (string idpId, string kid, string targetIdpId)

Clone a signing key credential for IdP

Clones an X.509 certificate for an identity provider (IdP) signing key credential from a source IdP to target IdP > Caution: Sharing certificates isn't a recommended security practice. > Note: If the key is already present in the list of key credentials for the target IdP, you receive a 400 error response.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class CloneIdentityProviderKeyExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var kid = KmMo85SSsU7TZzOShcGb;  // string | Unique `id` of the IdP key credential
            var targetIdpId = "targetIdpId_example";  // string | `id` of the target IdP

            try
            {
                // Clone a signing key credential for IdP
                IdPKeyCredential result = apiInstance.CloneIdentityProviderKey(idpId, kid, targetIdpId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.CloneIdentityProviderKey: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
kidstringUnique `id` of the IdP key credential
targetIdpIdstring`id` of the target IdP

Return type

IdPKeyCredential

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
201Created-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GenerateCsrForIdentityProvider

IdPCsr GenerateCsrForIdentityProvider (string idpId, CsrMetadata metadata)

Generate a certificate signing request

Generates a new key pair and returns a certificate signing request (CSR) for it > Note: The private key isn't listed in the signing key credentials for the identity provider (IdP) until it's published.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GenerateCsrForIdentityProviderExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var metadata = new CsrMetadata(); // CsrMetadata | 

            try
            {
                // Generate a certificate signing request
                IdPCsr result = apiInstance.GenerateCsrForIdentityProvider(idpId, metadata);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GenerateCsrForIdentityProvider: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
metadataCsrMetadata

Return type

IdPCsr

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json, application/pkcs10

HTTP response details

Status codeDescriptionResponse headers
201Created-
400Bad Request-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GenerateIdentityProviderSigningKey

IdPKeyCredential GenerateIdentityProviderSigningKey (string idpId, int validityYears)

Generate a new signing key credential for IdP

Generates a new X.509 certificate for an identity provider (IdP) signing key credential to be used for signing assertions sent to the IdP. IdP signing keys are read-only. > Note: To update an IdP with the newly generated key credential, update your IdP using the returned key's kid in the signing credential.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GenerateIdentityProviderSigningKeyExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var validityYears = 56;  // int | expiry of the IdP key credential

            try
            {
                // Generate a new signing key credential for IdP
                IdPKeyCredential result = apiInstance.GenerateIdentityProviderSigningKey(idpId, validityYears);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GenerateIdentityProviderSigningKey: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
validityYearsintexpiry of the IdP key credential

Return type

IdPKeyCredential

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetCsrForIdentityProvider

IdPCsr GetCsrForIdentityProvider (string idpId, string idpCsrId)

Retrieve a certificate signing request

Retrieves a specific certificate signing request (CSR) by id

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetCsrForIdentityProviderExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var idpCsrId = 1uEhyE65oV3H6KM9gYcN;  // string | `id` of the IdP CSR

            try
            {
                // Retrieve a certificate signing request
                IdPCsr result = apiInstance.GetCsrForIdentityProvider(idpId, idpCsrId);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GetCsrForIdentityProvider: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
idpCsrIdstring`id` of the IdP CSR

Return type

IdPCsr

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json, application/pkcs10

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

GetIdentityProviderSigningKey

IdPKeyCredential GetIdentityProviderSigningKey (string idpId, string kid)

Retrieve a signing key credential for IdP

Retrieves a specific identity provider (IdP) key credential by kid

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class GetIdentityProviderSigningKeyExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var kid = KmMo85SSsU7TZzOShcGb;  // string | Unique `id` of the IdP key credential

            try
            {
                // Retrieve a signing key credential for IdP
                IdPKeyCredential result = apiInstance.GetIdentityProviderSigningKey(idpId, kid);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GetIdentityProviderSigningKey: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
kidstringUnique `id` of the IdP key credential

Return type

IdPKeyCredential

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

ListActiveIdentityProviderSigningKey

List<IdPKeyCredential> ListActiveIdentityProviderSigningKey (string idpId)

List the active signing key credential for IdP

Lists the active signing key credential for an identity provider (IdP)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class ListActiveIdentityProviderSigningKeyExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP

            try
            {
                // List the active signing key credential for IdP
                List<IdPKeyCredential> result = apiInstance.ListActiveIdentityProviderSigningKey(idpId).ToListAsync();
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListActiveIdentityProviderSigningKey: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP

Return type

List<IdPKeyCredential>

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
204No Content-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

ListCsrsForIdentityProvider

List<IdPCsr> ListCsrsForIdentityProvider (string idpId)

List all certificate signing requests

Lists all certificate signing requests (CSRs) for an identity provider (IdP)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class ListCsrsForIdentityProviderExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP

            try
            {
                // List all certificate signing requests
                List<IdPCsr> result = apiInstance.ListCsrsForIdentityProvider(idpId).ToListAsync();
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListCsrsForIdentityProvider: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP

Return type

List<IdPCsr>

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

ListIdentityProviderSigningKeys

List<IdPKeyCredential> ListIdentityProviderSigningKeys (string idpId)

List all signing key credentials for IdP

Lists all signing key credentials for an identity provider (IdP)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class ListIdentityProviderSigningKeysExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP

            try
            {
                // List all signing key credentials for IdP
                List<IdPKeyCredential> result = apiInstance.ListIdentityProviderSigningKeys(idpId).ToListAsync();
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListIdentityProviderSigningKeys: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP

Return type

List<IdPKeyCredential>

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
200Success-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

PublishCsrForIdentityProvider

IdPKeyCredential PublishCsrForIdentityProvider (string idpId, string idpCsrId, System.IO.Stream body)

Publish a certificate signing request

Publishes the certificate signing request (CSR) with a signed X.509 certificate and adds it into the signing key credentials for the identity provider (IdP) > Notes: > * Publishing a certificate completes the lifecycle of the CSR, and it's no longer accessible. > * If the validity period of the certificate is less than 90 days, a 400 error response is returned.

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class PublishCsrForIdentityProviderExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var idpCsrId = 1uEhyE65oV3H6KM9gYcN;  // string | `id` of the IdP CSR
            var body = new System.IO.MemoryStream(System.IO.File.ReadAllBytes("/path/to/file.txt"));  // System.IO.Stream | 

            try
            {
                // Publish a certificate signing request
                IdPKeyCredential result = apiInstance.PublishCsrForIdentityProvider(idpId, idpCsrId, body);
                Debug.WriteLine(result);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.PublishCsrForIdentityProvider: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
idpCsrIdstring`id` of the IdP CSR
bodySystem.IO.Stream****System.IO.Stream

Return type

IdPKeyCredential

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: application/pkix-cert, application/x-x509-ca-cert, application/x-pem-file
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
201Created-
400Bad Request-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]

RevokeCsrForIdentityProvider

void RevokeCsrForIdentityProvider (string idpId, string idpCsrId)

Revoke a certificate signing request

Revokes a certificate signing request (CSR) and deletes the key pair from the identity provider (IdP)

Example

using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;

namespace Example
{
    public class RevokeCsrForIdentityProviderExample
    {
        public static void Main()
        {
            Configuration config = new Configuration();
            config.OktaDomain = "https://subdomain.okta.com";
            // Configure API key authorization: apiToken
            config.Token ="YOUR_API_KEY";
            // Configure OAuth2 access token for authorization: oauth2
            config.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new IdentityProviderSigningKeysApi(config);
            var idpId = 0oa62bfdjnK55Z5x80h7;  // string | `id` of IdP
            var idpCsrId = 1uEhyE65oV3H6KM9gYcN;  // string | `id` of the IdP CSR

            try
            {
                // Revoke a certificate signing request
                apiInstance.RevokeCsrForIdentityProvider(idpId, idpCsrId);
            }
            catch (ApiException  e)
            {
                Debug.Print("Exception when calling IdentityProviderSigningKeysApi.RevokeCsrForIdentityProvider: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }
        }
    }
}

Parameters

NameTypeDescriptionNotes
idpIdstring`id` of IdP
idpCsrIdstring`id` of the IdP CSR

Return type

void (empty response body)

Authorization

apiToken, oauth2

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

HTTP response details

Status codeDescriptionResponse headers
204No Content-
403Forbidden-
404Not Found-
429Too Many Requests-

[Back to top] [Back to API list] [Back to Model list] [Back to README]