All URIs are relative to https://subdomain.okta.com
| Method | HTTP request | Description |
|---|---|---|
| CloneIdentityProviderKey | POST /api/v1/idps/{idpId}/credentials/keys/{kid}/clone | Clone a signing key credential for IdP |
| GenerateCsrForIdentityProvider | POST /api/v1/idps/{idpId}/credentials/csrs | Generate a certificate signing request |
| GenerateIdentityProviderSigningKey | POST /api/v1/idps/{idpId}/credentials/keys/generate | Generate a new signing key credential for IdP |
| GetCsrForIdentityProvider | GET /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId} | Retrieve a certificate signing request |
| GetIdentityProviderSigningKey | GET /api/v1/idps/{idpId}/credentials/keys/{kid} | Retrieve a signing key credential for IdP |
| ListActiveIdentityProviderSigningKey | GET /api/v1/idps/{idpId}/credentials/keys/active | List the active signing key credential for IdP |
| ListCsrsForIdentityProvider | GET /api/v1/idps/{idpId}/credentials/csrs | List all certificate signing requests |
| ListIdentityProviderSigningKeys | GET /api/v1/idps/{idpId}/credentials/keys | List all signing key credentials for IdP |
| PublishCsrForIdentityProvider | POST /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId}/lifecycle/publish | Publish a certificate signing request |
| RevokeCsrForIdentityProvider | DELETE /api/v1/idps/{idpId}/credentials/csrs/{idpCsrId} | Revoke a certificate signing request |
IdPKeyCredential CloneIdentityProviderKey (string idpId, string kid, string targetIdpId)
Clone a signing key credential for IdP
Clones an X.509 certificate for an identity provider (IdP) signing key credential from a source IdP to target IdP > Caution: Sharing certificates isn't a recommended security practice. > Note: If the key is already present in the list of key credentials for the target IdP, you receive a 400 error response.
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class CloneIdentityProviderKeyExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var kid = KmMo85SSsU7TZzOShcGb; // string | Unique `id` of the IdP key credential
var targetIdpId = "targetIdpId_example"; // string | `id` of the target IdP
try
{
// Clone a signing key credential for IdP
IdPKeyCredential result = apiInstance.CloneIdentityProviderKey(idpId, kid, targetIdpId);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.CloneIdentityProviderKey: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| kid | string | Unique `id` of the IdP key credential | |
| targetIdpId | string | `id` of the target IdP |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 201 | Created | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdPCsr GenerateCsrForIdentityProvider (string idpId, CsrMetadata metadata)
Generate a certificate signing request
Generates a new key pair and returns a certificate signing request (CSR) for it > Note: The private key isn't listed in the signing key credentials for the identity provider (IdP) until it's published.
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class GenerateCsrForIdentityProviderExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var metadata = new CsrMetadata(); // CsrMetadata |
try
{
// Generate a certificate signing request
IdPCsr result = apiInstance.GenerateCsrForIdentityProvider(idpId, metadata);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GenerateCsrForIdentityProvider: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| metadata | CsrMetadata |
- Content-Type: application/json
- Accept: application/json, application/pkcs10
| Status code | Description | Response headers |
|---|---|---|
| 201 | Created | - |
| 400 | Bad Request | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdPKeyCredential GenerateIdentityProviderSigningKey (string idpId, int validityYears)
Generate a new signing key credential for IdP
Generates a new X.509 certificate for an identity provider (IdP) signing key credential to be used for signing assertions sent to the IdP. IdP signing keys are read-only. > Note: To update an IdP with the newly generated key credential, update your IdP using the returned key's kid in the signing credential.
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class GenerateIdentityProviderSigningKeyExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var validityYears = 56; // int | expiry of the IdP key credential
try
{
// Generate a new signing key credential for IdP
IdPKeyCredential result = apiInstance.GenerateIdentityProviderSigningKey(idpId, validityYears);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GenerateIdentityProviderSigningKey: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| validityYears | int | expiry of the IdP key credential |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdPCsr GetCsrForIdentityProvider (string idpId, string idpCsrId)
Retrieve a certificate signing request
Retrieves a specific certificate signing request (CSR) by id
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class GetCsrForIdentityProviderExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var idpCsrId = 1uEhyE65oV3H6KM9gYcN; // string | `id` of the IdP CSR
try
{
// Retrieve a certificate signing request
IdPCsr result = apiInstance.GetCsrForIdentityProvider(idpId, idpCsrId);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GetCsrForIdentityProvider: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| idpCsrId | string | `id` of the IdP CSR |
- Content-Type: Not defined
- Accept: application/json, application/pkcs10
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdPKeyCredential GetIdentityProviderSigningKey (string idpId, string kid)
Retrieve a signing key credential for IdP
Retrieves a specific identity provider (IdP) key credential by kid
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class GetIdentityProviderSigningKeyExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var kid = KmMo85SSsU7TZzOShcGb; // string | Unique `id` of the IdP key credential
try
{
// Retrieve a signing key credential for IdP
IdPKeyCredential result = apiInstance.GetIdentityProviderSigningKey(idpId, kid);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.GetIdentityProviderSigningKey: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| kid | string | Unique `id` of the IdP key credential |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
List<IdPKeyCredential> ListActiveIdentityProviderSigningKey (string idpId)
List the active signing key credential for IdP
Lists the active signing key credential for an identity provider (IdP)
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class ListActiveIdentityProviderSigningKeyExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
try
{
// List the active signing key credential for IdP
List<IdPKeyCredential> result = apiInstance.ListActiveIdentityProviderSigningKey(idpId).ToListAsync();
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListActiveIdentityProviderSigningKey: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 204 | No Content | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
List<IdPCsr> ListCsrsForIdentityProvider (string idpId)
List all certificate signing requests
Lists all certificate signing requests (CSRs) for an identity provider (IdP)
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class ListCsrsForIdentityProviderExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
try
{
// List all certificate signing requests
List<IdPCsr> result = apiInstance.ListCsrsForIdentityProvider(idpId).ToListAsync();
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListCsrsForIdentityProvider: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
List<IdPKeyCredential> ListIdentityProviderSigningKeys (string idpId)
List all signing key credentials for IdP
Lists all signing key credentials for an identity provider (IdP)
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class ListIdentityProviderSigningKeysExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
try
{
// List all signing key credentials for IdP
List<IdPKeyCredential> result = apiInstance.ListIdentityProviderSigningKeys(idpId).ToListAsync();
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.ListIdentityProviderSigningKeys: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP |
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 200 | Success | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
IdPKeyCredential PublishCsrForIdentityProvider (string idpId, string idpCsrId, System.IO.Stream body)
Publish a certificate signing request
Publishes the certificate signing request (CSR) with a signed X.509 certificate and adds it into the signing key credentials for the identity provider (IdP) > Notes: > * Publishing a certificate completes the lifecycle of the CSR, and it's no longer accessible. > * If the validity period of the certificate is less than 90 days, a 400 error response is returned.
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class PublishCsrForIdentityProviderExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var idpCsrId = 1uEhyE65oV3H6KM9gYcN; // string | `id` of the IdP CSR
var body = new System.IO.MemoryStream(System.IO.File.ReadAllBytes("/path/to/file.txt")); // System.IO.Stream |
try
{
// Publish a certificate signing request
IdPKeyCredential result = apiInstance.PublishCsrForIdentityProvider(idpId, idpCsrId, body);
Debug.WriteLine(result);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.PublishCsrForIdentityProvider: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| idpCsrId | string | `id` of the IdP CSR | |
| body | System.IO.Stream****System.IO.Stream |
- Content-Type: application/pkix-cert, application/x-x509-ca-cert, application/x-pem-file
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 201 | Created | - |
| 400 | Bad Request | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]
void RevokeCsrForIdentityProvider (string idpId, string idpCsrId)
Revoke a certificate signing request
Revokes a certificate signing request (CSR) and deletes the key pair from the identity provider (IdP)
using System.Collections.Generic;
using System.Diagnostics;
using Okta.Sdk.Api;
using Okta.Sdk.Client;
using Okta.Sdk.Model;
namespace Example
{
public class RevokeCsrForIdentityProviderExample
{
public static void Main()
{
Configuration config = new Configuration();
config.OktaDomain = "https://subdomain.okta.com";
// Configure API key authorization: apiToken
config.Token ="YOUR_API_KEY";
// Configure OAuth2 access token for authorization: oauth2
config.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new IdentityProviderSigningKeysApi(config);
var idpId = 0oa62bfdjnK55Z5x80h7; // string | `id` of IdP
var idpCsrId = 1uEhyE65oV3H6KM9gYcN; // string | `id` of the IdP CSR
try
{
// Revoke a certificate signing request
apiInstance.RevokeCsrForIdentityProvider(idpId, idpCsrId);
}
catch (ApiException e)
{
Debug.Print("Exception when calling IdentityProviderSigningKeysApi.RevokeCsrForIdentityProvider: " + e.Message );
Debug.Print("Status Code: "+ e.ErrorCode);
Debug.Print(e.StackTrace);
}
}
}
}| Name | Type | Description | Notes |
|---|---|---|---|
| idpId | string | `id` of IdP | |
| idpCsrId | string | `id` of the IdP CSR |
void (empty response body)
- Content-Type: Not defined
- Accept: application/json
| Status code | Description | Response headers |
|---|---|---|
| 204 | No Content | - |
| 403 | Forbidden | - |
| 404 | Not Found | - |
| 429 | Too Many Requests | - |
[Back to top] [Back to API list] [Back to Model list] [Back to README]