Search for Keys
This API has been available since 1.45.0
This API is used to search for Keys and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.
Request#
Request Parameters#
algorithmStringoptionalThe algorithm used to generate the key.
The possible values are:
Ed25519- EdDSA using the Ed25519 parameter set Available since 1.62.0ES256- ECDSA using P-256 curve and SHA-256 hash algorithmES384- ECDSA using P-384 curve and SHA-384 hash algorithmES512- ECDSA using P-521 curve and SHA-512 hash algorithmRS256- RSA using SHA-256 hash algorithmRS384- RSA using SHA-384 hash algorithmRS512- RSA using SHA-512 hash algorithmHS256- HMAC using SHA-256 hash algorithmHS384- HMAC using SHA-384 hash algorithmHS512- HMAC using SHA-512 hash algorithmNone- Secret Available since 1.64.0
nameStringoptionalThe case-insensitive string to search for in the Key name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.
numberOfResultsIntegeroptionalDefaults to 25The number of results to return from the search.
orderByStringoptionalDefaults to name ASCThe field to order the search results as well as an order direction.
The possible values are:
algorithm- the algorithm used to generate the Key.- Not all keys have an algorithm,
nullvalues are treated as smaller than all other values. - The possible values are: See algorithm.
- Not all keys have an algorithm,
expiration- the expiration instant of the Key.- Not all keys have an expiration value,
nullvalues are treated as smaller than all other values.
- Not all keys have an expiration value,
id- the UUID of the KeyinsertInstant- the instant when the Key was createdname- the Key nametype- the Key type- The possible values are: See type.
The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.
For example, to order the results by the insert instant in a descending order, use insertInstant DESC.
startRowIntegeroptionalDefaults to 0The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.
typeStringoptionalThe key type. The possible values are:
ECOKPAvailable since 1.62.0RSAHMACSecretAvailable since 1.64.0
OpenAPI Spec
When calling the API using a POST request you will send the search criteria in a JSON request body.
Request Body#
search.algorithmStringoptionalThe algorithm used to generate the key.
The possible values are:
Ed25519- EdDSA using the Ed25519 parameter set Available since 1.62.0ES256- ECDSA using P-256 curve and SHA-256 hash algorithmES384- ECDSA using P-384 curve and SHA-384 hash algorithmES512- ECDSA using P-521 curve and SHA-512 hash algorithmRS256- RSA using SHA-256 hash algorithmRS384- RSA using SHA-384 hash algorithmRS512- RSA using SHA-512 hash algorithmHS256- HMAC using SHA-256 hash algorithmHS384- HMAC using SHA-384 hash algorithmHS512- HMAC using SHA-512 hash algorithmNone- Secret Available since 1.64.0
search.nameStringoptionalThe case-insensitive string to search for in the Key name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.
search.numberOfResultsIntegeroptionalDefaults to 25The number of results to return from the search.
search.orderByStringoptionalDefaults to name ASCThe field to order the search results as well as an order direction.
The possible values are:
algorithm- the algorithm used to generate the Key.- Not all keys have an algorithm,
nullvalues are treated as smaller than all other values. - The possible values are: See search.algorithm.
- Not all keys have an algorithm,
expiration- the expiration instant of the Key.- Not all keys have an expiration value,
nullvalues are treated as smaller than all other values.
- Not all keys have an expiration value,
id- the UUID of the KeyinsertInstant- the instant when the Key was createdname- the Key nametype- the Key type- The possible values are: See search.type.
The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.
For example, to order the results by the insert instant in a descending order, use insertInstant DESC.
search.startRowIntegeroptionalDefaults to 0The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.
search.typeStringoptionalThe key type. The possible values are:
ECOKPAvailable since 1.62.0RSAHMACSecretAvailable since 1.64.0
Example Request JSON
{
"search": {
"algorithm": "RS256",
"name": "forum",
"numberOfResults": 25,
"orderBy": "insertInstant",
"startRow": 0,
"type": "RSA"
}
}
Response#
The response for this API contains the Keys matching the search criteria in paginated format and the total number of results matching the search criteria.
Response Codes| Code | Description |
|---|---|
| 200 | The request was successful. The response will contain a JSON body. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
| 401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body#
keys[x]ArrayThe list of Key objects.
keys[x].algorithmStringThe algorithm used to generate the key. For Secrets, this value will be None.
keys[x].certificateStringThe X.509 certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformationMap<String, Object>The RSA or EC certificate information. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.issuerStringThe issuer of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.md5FingerprintStringThe md5 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.serialNumberStringThe serial number of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.sha1FingerprintStringThe SHA-1 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.sha1ThumbprintStringThe SHA-1 thumbprint of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.sha256FingerprintStringThe SHA-256 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.sha256ThumbprintStringThe SHA-256 thumbprint of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.subjectStringThe subject of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.validFromIntegerThe UNIX time in milliseconds marking the start of the certificate validity period. This field is omitted for HMAC keys and Secrets.
keys[x].certificateInformation.validToIntegerThe UNIX time in milliseconds marking the expiration certificate. This field is omitted for HMAC keys and Secrets.
keys[x].expirationInstantIntegerThe instant marking the expiration certificate. This field is omitted for HMAC keys and Secrets.
keys[x].hasPrivateKeyBooleanBecause the private key will never be returned in the API response, this value will indicate if the private key is stored in FusionAuth. This field is omitted for HMAC keys and Secrets.
keys[x].idUUIDThe Id of the Key.
keys[x].insertInstantLongThe instant that the key was added to the FusionAuth database.
keys[x].issuerStringThe issuer of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].kidStringThe key identifier 'kid'.
keys[x].lastUpdateInstantLongThe instant that the key was updated in the FusionAuth database.
keys[x].lengthStringThe length of the certificate. This field is omitted for HMAC keys and Secrets.
keys[x].nameStringThe name of the key.
keys[x].publicKeyStringThe certificate public key. This field is omitted for HMAC keys and Secrets.
keys[x].typeStringThe key type. The possible values are:
ECOKPAvailable since 1.62.0RSAHMACSecretAvailable since 1.64.0