PingOne Platform APIs

Update Customer Signing Public Key

   

PUT {{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}

Use the PUT {{apiPath}}/environments/{{envId}}/credentialSigningKeys/{credentialSigningKeyId} operation to update a credential signing public key. Set enabled to true to use the key for signing credentials and to be available for verifying credentials. Set it to false to make it available only for verifying credentials.

The jwk object is typically required for a PUT replacement update. However, because the jwk object is immutable, it can be omitted on update.

Request Model

Refer to Credential signing key data model for full property descriptions.

Property Type Required?

enabled

String

Required

jwk

Object

Required/Optional

jwk.alg

String

Required

jwk.crv

String

Required/Optional

jwk.e

String

Required/Optional

jwk.kid

String

Required

jwk.kty

String

Required

jwk.n

String

Required/Optional

jwk.x

String

Required/Optional

jwk.y

String

Required/Optional

name

String

Optional

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
        "kid": "customer-specified-key-id",
        "kty": "RSA",
        "alg": "RS256",
        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
        "e": "AQAB"
    }
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff --request PUT '{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
        "kid": "customer-specified-key-id",
        "kty": "RSA",
        "alg": "RS256",
        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
        "e": "AQAB"
    }
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Put);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""name"": ""customer-defined-key-id""," + "\n" +
@"    ""enabled"": false," + "\n" +
@"    ""jwk"": {" + "\n" +
@"        ""kid"": ""customer-specified-key-id""," + "\n" +
@"        ""kty"": ""RSA""," + "\n" +
@"        ""alg"": ""RS256""," + "\n" +
@"        ""n"": ""jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw""," + "\n" +
@"        ""e"": ""AQAB""" + "\n" +
@"    }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}"
  method := "PUT"

  payload := strings.NewReader(`{
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
        "kid": "customer-specified-key-id",
        "kty": "RSA",
        "alg": "RS256",
        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
        "e": "AQAB"
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
PUT /environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}} HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
        "kid": "customer-specified-key-id",
        "kty": "RSA",
        "alg": "RS256",
        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
        "e": "AQAB"
    }
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"name\": \"customer-defined-key-id\",\n    \"enabled\": false,\n    \"jwk\": {\n        \"kid\": \"customer-specified-key-id\",\n        \"kty\": \"RSA\",\n        \"alg\": \"RS256\",\n        \"n\": \"jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw\",\n        \"e\": \"AQAB\"\n    }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}")
  .method("PUT", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}",
  "method": "PUT",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
      "kid": "customer-specified-key-id",
      "kty": "RSA",
      "alg": "RS256",
      "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
      "e": "AQAB"
    }
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'PUT',
  'url': '{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
      "kid": "customer-specified-key-id",
      "kty": "RSA",
      "alg": "RS256",
      "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
      "e": "AQAB"
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}"

payload = json.dumps({
  "name": "customer-defined-key-id",
  "enabled": False,
  "jwk": {
    "kid": "customer-specified-key-id",
    "kty": "RSA",
    "alg": "RS256",
    "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
    "e": "AQAB"
  }
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("PUT", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}');
$request->setMethod(HTTP_Request2::METHOD_PUT);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "name": "customer-defined-key-id",\n    "enabled": false,\n    "jwk": {\n        "kid": "customer-specified-key-id",\n        "kty": "RSA",\n        "alg": "RS256",\n        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",\n        "e": "AQAB"\n    }\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Put.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "name": "customer-defined-key-id",
  "enabled": false,
  "jwk": {
    "kid": "customer-specified-key-id",
    "kty": "RSA",
    "alg": "RS256",
    "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
    "e": "AQAB"
  }
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"name\": \"customer-defined-key-id\",\n    \"enabled\": false,\n    \"jwk\": {\n        \"kid\": \"customer-specified-key-id\",\n        \"kty\": \"RSA\",\n        \"alg\": \"RS256\",\n        \"n\": \"jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw\",\n        \"e\": \"AQAB\"\n    }\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envId}}/credentialSigningKeys/{{credentialSigningKeyId}}")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "PUT"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/credentialSigningKeys/34ab57dc-8c7b-4377-95b2-a24672e8b70c"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        }
    },
    "id": "34ab57dc-8c7b-4377-95b2-a24672e8b70c",
    "createdAt": "2025-06-27T13:56:20.046Z",
    "updatedAt": "2025-06-27T14:18:33.083506420Z",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "name": "customer-defined-key-id",
    "enabled": false,
    "jwk": {
        "kty": "RSA",
        "kid": "customer-specified-key-id",
        "alg": "RS256",
        "n": "jFfJCBv199-wMuUcW3MKaRH-DItx0xGji7JD2Agrm4JtiAJKD_g2xD4SwnQIkQdidTRnoAQ1UvUc7PlYNL7CaHCyzUw08E6QhbDxzbG2_lhDl7Y6Cljp23pkZ-40rBezqYuqOwgQv21FiiuA5LNSckH8ojdC_nvFUy4x2jKIFDAh_xEgdcTXZELrVbIdrqR2oFZXR_zIXPaoKl-67tQY1ttUopXqewzM31mKfj6JDfkbeGdaRhiBH_jlFTDbIE7metwsBnxucpQbDk1XlPmgsu8yZfbjJN19rhie7BTDS7BA5oYWizy8LBI6kUPkUTgqRRRhtyuVrWV1CXvpARrZvw",
        "e": "AQAB"
    }
}