Search for Keys

This API has been available since 1.45.0

This API is used to search for Keys and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.

Request#

Global API Key Authentication
Search for Keys
GET/api/key/search?algorithm=RS256&name={name}&type=RSA

Request Parameters#

algorithmStringoptional

The algorithm used to generate the key.

The possible values are:

  • Ed25519 - EdDSA using the Ed25519 parameter set Available since 1.62.0
  • ES256 - ECDSA using P-256 curve and SHA-256 hash algorithm
  • ES384 - ECDSA using P-384 curve and SHA-384 hash algorithm
  • ES512 - ECDSA using P-521 curve and SHA-512 hash algorithm
  • RS256 - RSA using SHA-256 hash algorithm
  • RS384 - RSA using SHA-384 hash algorithm
  • RS512 - RSA using SHA-512 hash algorithm
  • HS256 - HMAC using SHA-256 hash algorithm
  • HS384 - HMAC using SHA-384 hash algorithm
  • HS512 - HMAC using SHA-512 hash algorithm
  • None - Secret Available since 1.64.0
nameStringoptional

The case-insensitive string to search for in the Key name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

numberOfResultsIntegeroptionalDefaults to 25

The number of results to return from the search.

orderByStringoptionalDefaults to name ASC

The field to order the search results as well as an order direction.

The possible values are:

  • algorithm - the algorithm used to generate the Key.
    • Not all keys have an algorithm, null values are treated as smaller than all other values.
    • The possible values are: See algorithm.
  • expiration - the expiration instant of the Key.
    • Not all keys have an expiration value, null values are treated as smaller than all other values.
  • id - the UUID of the Key
  • insertInstant - the instant when the Key was created
  • name - the Key name
  • type - the Key type
    • The possible values are: See type.

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

startRowIntegeroptionalDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

typeStringoptional

The key type. The possible values are:

  • EC
  • OKP Available since 1.62.0
  • RSA
  • HMAC
  • Secret Available since 1.64.0
Global API Key Authentication
Search for Keys
POST/api/key/search
OpenAPI Spec

When calling the API using a POST request you will send the search criteria in a JSON request body.

Request Body#

search.algorithmStringoptional

The algorithm used to generate the key.

The possible values are:

  • Ed25519 - EdDSA using the Ed25519 parameter set Available since 1.62.0
  • ES256 - ECDSA using P-256 curve and SHA-256 hash algorithm
  • ES384 - ECDSA using P-384 curve and SHA-384 hash algorithm
  • ES512 - ECDSA using P-521 curve and SHA-512 hash algorithm
  • RS256 - RSA using SHA-256 hash algorithm
  • RS384 - RSA using SHA-384 hash algorithm
  • RS512 - RSA using SHA-512 hash algorithm
  • HS256 - HMAC using SHA-256 hash algorithm
  • HS384 - HMAC using SHA-384 hash algorithm
  • HS512 - HMAC using SHA-512 hash algorithm
  • None - Secret Available since 1.64.0
search.nameStringoptional

The case-insensitive string to search for in the Key name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

search.numberOfResultsIntegeroptionalDefaults to 25

The number of results to return from the search.

search.orderByStringoptionalDefaults to name ASC

The field to order the search results as well as an order direction.

The possible values are:

  • algorithm - the algorithm used to generate the Key.
    • Not all keys have an algorithm, null values are treated as smaller than all other values.
    • The possible values are: See search.algorithm.
  • expiration - the expiration instant of the Key.
    • Not all keys have an expiration value, null values are treated as smaller than all other values.
  • id - the UUID of the Key
  • insertInstant - the instant when the Key was created
  • name - the Key name
  • type - the Key type
    • The possible values are: See search.type.

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

search.startRowIntegeroptionalDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

search.typeStringoptional

The key type. The possible values are:

  • EC
  • OKP Available since 1.62.0
  • RSA
  • HMAC
  • Secret Available since 1.64.0

Example Request JSON

{
  "search": {
    "algorithm": "RS256",
    "name": "forum",
    "numberOfResults": 25,
    "orderBy": "insertInstant",
    "startRow": 0,
    "type": "RSA"
  }
}

Response#

The response for this API contains the Keys matching the search criteria in paginated format and the total number of results matching the search criteria.

Response Codes
CodeDescription
200The request was successful. The response will contain a JSON body.
400The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body#

keys[x]Array

The list of Key objects.

keys[x].algorithmString

The algorithm used to generate the key. For Secrets, this value will be None.

keys[x].certificateString

The X.509 certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformationMap<String, Object>

The RSA or EC certificate information. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.issuerString

The issuer of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.md5FingerprintString

The md5 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.serialNumberString

The serial number of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.sha1FingerprintString

The SHA-1 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.sha1ThumbprintString

The SHA-1 thumbprint of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.sha256FingerprintString

The SHA-256 fingerprint of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.sha256ThumbprintString

The SHA-256 thumbprint of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.subjectString

The subject of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.validFromInteger

The UNIX time in milliseconds marking the start of the certificate validity period. This field is omitted for HMAC keys and Secrets.

keys[x].certificateInformation.validToInteger

The UNIX time in milliseconds marking the expiration certificate. This field is omitted for HMAC keys and Secrets.

keys[x].expirationInstantInteger

The instant marking the expiration certificate. This field is omitted for HMAC keys and Secrets.

keys[x].hasPrivateKeyBoolean

Because the private key will never be returned in the API response, this value will indicate if the private key is stored in FusionAuth. This field is omitted for HMAC keys and Secrets.

keys[x].idUUID

The Id of the Key.

keys[x].insertInstantLong

The instant that the key was added to the FusionAuth database.

keys[x].issuerString

The issuer of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].kidString

The key identifier 'kid'.

keys[x].lastUpdateInstantLong

The instant that the key was updated in the FusionAuth database.

keys[x].lengthString

The length of the certificate. This field is omitted for HMAC keys and Secrets.

keys[x].nameString

The name of the key.

keys[x].publicKeyString

The certificate public key. This field is omitted for HMAC keys and Secrets.

keys[x].typeString

The key type. The possible values are:

  • EC
  • OKP Available since 1.62.0
  • RSA
  • HMAC
  • Secret Available since 1.64.0