keyCredential resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Contains a key credential associated with an application or a service principal. The keyCredentials property of the application and servicePrincipal entities is a collection of keyCredential.
To add a keyCredential using Microsoft Graph, see Add a certificate to an app using Microsoft Graph.
Properties
| Property | Type | Description |
|---|---|---|
| customKeyIdentifier | Binary | A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate. |
| displayName | String | Friendly name for the key. Optional. |
| endDateTime | DateTimeOffset | The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| key | Binary | Value for the key credential. Should be a Base64 encoded value. Returned only on $select for a single object, that is, GET applications/{applicationId}?$select=keyCredentials or GET servicePrincipals/{servicePrincipalId}?$select=keyCredentials; otherwise, it is always null. From a .cer certificate, you can read the key using the Convert.ToBase64String() method. For more information, see Get the certificate key. |
| keyId | Guid | The unique identifier for the key. |
| startDateTime | DateTimeOffset | The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| type | String | The type of key credential; for example, Symmetric, AsymmetricX509Cert, or X509CertAndPassword. |
| usage | String | A string that describes the purpose for which the key can be used; for example, None, Verify, PairwiseIdentifier, Delegation, Decrypt, Encrypt, HashedIdentifier, SelfSignedTls, or Sign. If usage is Sign, the type should be X509CertAndPassword, and the passwordCredentials for signing should be defined. |
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.keyCredential",
"customKeyIdentifier": "Binary",
"displayName": "String",
"endDateTime": "String (timestamp)",
"key": "Binary",
"keyId": "Guid",
"startDateTime": "String (timestamp)",
"type": "String",
"usage": "String"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for