Common parameters and headers
The following information is common to all operations that you might perform on Key Vault resources:
- The HTTP
Hostheader must always be present and must specify the vault hostname. Example:Host: contoso.vault.azure.net. Note that most client technologies populate theHostheader from the URI. For instance,GET https://contoso.vault.azure.net/secrets/mysecret{...}will set theHostascontoso.vault.azure.net. If you access Key Vault using raw IP address likeGET https://10.0.0.23/secrets/mysecret{...}, the automatic value ofHostheader will be wrong, and you'll have to manually ensure that theHostheader contains the vault hostname. - Replace
{api-version}with the api-version in the URI. - Replace
{subscription-id}with your subscription identifier in the URI - Replace
{resource-group-name}with the resource group. For more information, see Using Resource groups to manage your Azure resources. - Replace
{vault-name}with your key vault name in the URI. - Set the Content-Type header to application/json.
- Set the Authorization header to a JSON Web Token that you obtain from Microsoft Entra ID. For more information, see Authenticating Azure Resource Manager requests.
Common error response
The service will use HTTP status codes to indicate success or failure. In addition, failures contain a response in the following format:
{
"error": {
"code": "BadRequest",
"message": "The key vault sku is invalid."
}
}
| Element name | Type | Description |
|---|---|---|
| code | string | The type of error that occurred. |
| message | string | A description of what caused the error. |