Export local SAML signing DR bundle.
POST
/api/admin/saml-settings/local-signing/dr-bundle
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/api/admin/saml-settings/local-signing/dr-bundle \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data '{ "passphrase": "correct horse battery staple" }'Exports a passphrase-encrypted disaster recovery bundle containing tenant-local SAML signing settings and private signing keys. The response is marked no-store.
Authorizations
Section titled “Authorizations ”Request Body
Section titled “Request Body ” Media type application/json
object
passphrase
string
Example
{ "passphrase": "correct horse battery staple"}Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
kind
required
string
version
required
integer
tenantId
required
string
generatedAt
required
string format: date-time
encrypted
required
boolean
sensitive
required
boolean
warning
required
string
kdf
required
object
name
required
string
hash
required
string
iterations
required
integer
salt
required
string
cipher
required
object
name
required
string
iv
required
string
payload
required
string
payloadEncoding
required
string
Example
{ "kind": "authrim.saml_local_signing_secret_dr_bundle.encrypted.v1", "version": 1, "tenantId": "tenant_123", "generatedAt": "2026-06-19T00:00:00.000Z", "encrypted": true, "sensitive": true, "warning": "This bundle is passphrase-encrypted and contains SAML private signing keys after decryption. Store it offline.", "kdf": { "name": "PBKDF2", "hash": "SHA-256", "iterations": 100000, "salt": "base64-salt" }, "cipher": { "name": "AES-GCM", "iv": "base64-iv" }, "payload": "base64-ciphertext", "payloadEncoding": "base64"}