Skip to main content
POST
http://localhost:8001
/
keys
/
{key_id}
/
rotate
curl -X POST http://localhost:8001/keys/b2c3d4e5-f6a7-8901-bcde-f12345678901/rotate \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "550e8400-e29b-41d4-a716-446655440000"
  }'

{
  "key_id": "c3d4e5f6-a7b8-9012-cdef-234567890123",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----",
  "key_type": "ES256",
  "created_at": "2026-03-01T00:00:00Z"
}
The auth service is deployed on a private network. All endpoints except /health are internal management-plane operations.

Path Parameters

key_id
string
required
UUID of the signing key to rotate.

Request Body

customer_id
string
required
UUID of the customer that owns the signing key.

Response

key_id
string
UUID of the newly generated signing key.
public_key
string
PEM-encoded public key of the new signing key.
key_type
string
Algorithm identifier. Always ES256.
created_at
datetime
ISO 8601 timestamp of when the new key was generated.
curl -X POST http://localhost:8001/keys/b2c3d4e5-f6a7-8901-bcde-f12345678901/rotate \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "550e8400-e29b-41d4-a716-446655440000"
  }'

{
  "key_id": "c3d4e5f6-a7b8-9012-cdef-234567890123",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----",
  "key_type": "ES256",
  "created_at": "2026-03-01T00:00:00Z"
}