verify - verify
Verifies a signature using a specified key.
The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission.
POST {vaultBaseUrl}/keys/{key-name}/{key-version}/verify?api-version=2025-07-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
key-name
|
path | True |
string |
The name of the key. |
|
key-version
|
path | True |
string |
The version of the key. |
|
vault
|
path | True |
string (uri) |
|
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| alg | True |
The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
|
| digest | True |
string (base64url) |
The digest used for signing. |
| value | True |
string (base64url) |
The signature to be verified. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The request has succeeded. |
|
| Other Status Codes |
An unexpected error response. |
Security
OAuth2Auth
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| https://vault.azure.net/.default |
Examples
Verify
Sample request
POST https://myvault.vault.azure.net//keys/testkey/9885aa558e8d448789683188f8c194b0/verify?api-version=2025-07-01
{
"alg": "RS512",
"value": "RUE3Nzg4NTQ4QjQ5RjFFN0U2NzAyQzhDNEMwMkJDOTA1MTYyOTUzNjI5NDhBNzZDQTlFOTM1NDA2M0ZGMjk2Mg",
"digest": "aKFG8NXcfTzqyR44rW42484K_zZI_T7zZuebvWuNgAoEI1gXYmxrshp42CunSmmu4oqo4-IrCikPkNIBkHXnAW2cv03Ad0UpwXhVfepK8zzDBaJPMKVGS-ZRz8CshEyGDKaLlb3J3zEkXpM3RrSEr0mdV6hndHD_mznLB5RmFui5DsKAhez4vUqajgtkgcPfCekMqeSwp6r9ItVL-gEoAohx8XMDsPedqu-7BuZcBcdayaPuBRL4wWoTDULA11P-UN_sJ5qMj3BbiRYhIlBWGR04wIGfZ3pkJjHJUpOvgH2QajdYPzUBauOCewMYbq9XkLRSzI_A7HkkDVycugSeAA"
}
Sample response
{
"value": true
}Definitions
| Name | Description |
|---|---|
| Error | |
|
Json |
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
|
Key |
The key vault error exception. |
|
Key |
The key verify parameters. |
|
Key |
The key verify result. |
Error
| Name | Type | Description |
|---|---|---|
| code |
string |
The error code. |
| innererror |
The key vault server error. |
|
| message |
string |
The error message. |
JsonWebKeySignatureAlgorithm
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
| Value | Description |
|---|---|
| PS256 |
RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| PS384 |
RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| PS512 |
RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| RS256 |
RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| RS384 |
RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| RS512 |
RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| HS256 |
HMAC using SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| HS384 |
HMAC using SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| HS512 |
HMAC using SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| RSNULL |
Reserved |
| ES256 |
ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. |
| ES384 |
ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| ES512 |
ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| ES256K |
ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
KeyVaultError
The key vault error exception.
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |
KeyVerifyParameters
The key verify parameters.
| Name | Type | Description |
|---|---|---|
| alg |
The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
|
| digest |
string (base64url) |
The digest used for signing. |
| value |
string (base64url) |
The signature to be verified. |
KeyVerifyResult
The key verify result.
| Name | Type | Description |
|---|---|---|
| value |
boolean |
True if the signature is verified, otherwise false. |