Skip to content

Emergency rotate signing keys

POST
/api/admin/signing-keys/emergency-rotate
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/signing-keys/emergency-rotate \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "reason": "Compromised private key reported by security monitoring" }'

Immediately rotates signing keys, revokes the previous key, invalidates JWKS cache, and records a critical audit event.

Reason for emergency key rotation. Minimum length is enforced by the API.

Media type application/json
object
reason
required
string
>= 10 characters
key
additional properties
Example
{
"reason": "Compromised private key reported by security monitoring"
}

Emergency signing key rotation result.

Media type application/json
object
success
boolean
message
string
revokedKeyId
string
newKeyId
string
warning
string
key
additional properties
Example
{
"success": true,
"message": "Emergency key rotation completed successfully",
"revokedKeyId": "kid_2026_05",
"newKeyId": "kid_2026_06",
"warning": "Old key has been immediately revoked and removed from JWKS"
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}