Retire backup SAML signing certificate.
POST
/api/admin/saml-providers/{id}/signing-rollover/retire-backup
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/admin/saml-providers/example/signing-rollover/retire-backup \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "certificate": "-----BEGIN CERTIFICATE-----...", "metadataCertificatePublication": "active_next" }'Removes the backup signing certificate from the provider signing policy after a rollover has completed.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ” id
required
string
SAML provider id.
Request Body required
Section titled “Request Body required ” Media type application/json
object
keyRef
string
kid
string
certificate
string
metadataPublishFrom
integer
plannedActivationAt
integer
metadataCertificatePublication
string
promotedAt
integer
keepPreviousAsBackup
boolean
Example
{ "certificate": "-----BEGIN CERTIFICATE-----...", "metadataCertificatePublication": "active_next"}Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
success
required
boolean
config
required
object
entityId
string
ssoUrl
string format: uri
acsUrl
string format: uri
certificate
string
metadataUrl
string format: uri
metadataXml
string
nameIdFormat
string
metadataNameIdFormats
Array<string>
key
additional properties
signingKeyPolicy
required
object
key
additional properties
updatedAt
required
string format: date-time
Example
{ "success": true, "config": { "entityId": "https://idp.example.com/metadata" }, "signingKeyPolicy": { "next": { "kid": "saml-next-key" } }, "updatedAt": "2026-06-19T00:00:00.000Z"}