Renewing a User Store ID key
This topic describes how to renew a User Store ID key.
A User Store ID key has a lifetime of 30 days from the time it is generated. Within that 30-day lifetime, the key is honored for authentication to the Microsoft Store Services. The key can also be renewed to generate a new User Store ID for the same Entra application Client ID and user identities. However, although the User Store ID is honored when calling the Store Services for 30 days, that does not guarantee it can be renewed during the entire lifetime. The signing certificates used for these keys are frequently rotated, and if the signing certificate is too old, the key is rejected when you attempt to renew the User Store ID. Therefore, if you plan to renew your cached User Store IDs, we recommend renewing them at least every 14 days. That ensures the latest signing certificate was used and that the new User Store ID can be renewed again within the next 14 days.
Prerequisites
To renew a User Store ID key, you need the following:
- A Microsoft Entra ID access token that has the audience URI value https://onestore.microsoft.com
- An expired Microsoft Store ID key that was generated from client-side code in your app.
For more information, see Requesting a User Store ID for service-to-service authentication.
Request
Request syntax
Key type | Method | Request URI |
---|---|---|
Collections | POST | https://collections.mp.microsoft.com/v6.0/b2b/keys/renew |
Purchase | POST | https://purchase.mp.microsoft.com/v6.0/b2b/keys/renew |
Request header
Header | Type | Description |
---|---|---|
Host | string | Must be set to the value collections.mp.microsoft.com or purchase.mp.microsoft.com. |
Content-Length | number | The length of the request body. |
Content-Type | string | Specifies the request and response type. Currently, the only supported value is application/json. |
Request body
Parameter | Type | Description | Required |
---|---|---|---|
serviceTicket | string | The Microsoft Entra ID service access token | Yes |
key | string | The expired Microsoft Store ID key | Yes |
Request example
POST https://collections.mp.microsoft.com/v6.0/b2b/keys/renew HTTP/1.1
Content-Length: 2774
Content-Type: application/json
Host: collections.mp.microsoft.com

{
    "serviceTicket": "eyJ0eXAiOiJKV1QiLCJhb...",
    "Key": "eyJ0eXAiOiJKV1QiLCJhbG..."
}
Response
Response body
Parameter | Type | Description |
---|---|---|
key | string | The refreshed User Store ID key that can be used in future calls to the Microsoft Store collections API or purchase API |
Response example
HTTP/1.1 200 OK
Content-Length: 1646
Content-Type: application/json
MS-CorrelationId: bfebe80c-ff89-4c4b-8897-67b45b916e47
MS-RequestId: 1b5fa630-d672-4971-b2c0-3713f4ea6c85
MS-CV: xu2HW6SrSkyHyFh.0.0
MS-ServerId: 030011428
Date: Tue, 13 Sep 2019 07:31:12 GMT

{
    "key": "eyJ0eXAi..."
}
Error codes
Code | Error | Inner error code | Description |
---|---|---|---|
401 | Unauthorized | AuthenticationTokenInvalid | The Microsoft Entra ID access token is invalid. In some cases, the details of ServiceError contains more information, such as when the token will expire or that the appid claim is missing. |
401 | Unauthorized | InconsistentClientId | The clientId claim in the User Store ID key and the appid claim in the Microsoft Entra ID access token don't match. |
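The following Python sketch is an added example, not code from this documentation or from the Microsoft.StoreServices library. It applies the 14-day renewal recommendation to a cached key and checks the audience, appid and clientId conditions locally before building the renewal request, so the two 401 cases above are caught before the call is made. It assumes both tokens are JWTs whose claims sit in the second dot-separated segment; the function names and the sample tokens are constructed for illustration.

```python
import base64, json, urllib.request
from datetime import datetime, timedelta, timezone

RENEW_URIS = {  # endpoints from the request syntax table
    "collections": "https://collections.mp.microsoft.com/v6.0/b2b/keys/renew",
    "purchase": "https://purchase.mp.microsoft.com/v6.0/b2b/keys/renew",
}
AUDIENCE = "https://onestore.microsoft.com"
RENEW_AFTER = timedelta(days=14)  # recommended renewal interval

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it (pre-flight checks only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def needs_renewal(cached_at, now=None):
    """True once a cached key is at least 14 days old."""
    now = now or datetime.now(timezone.utc)
    return now - cached_at >= RENEW_AFTER

def build_renew_request(key_type, service_ticket, store_id_key):
    """Check both tokens locally, then build the POST (it is not sent here)."""
    ticket, key = jwt_claims(service_ticket), jwt_claims(store_id_key)
    aud = ticket.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("access token audience is not " + AUDIENCE)
    if "appid" not in ticket:
        raise ValueError("access token has no appid claim")
    if key.get("clientId") != ticket["appid"]:
        raise ValueError("clientId/appid mismatch (InconsistentClientId)")
    body = json.dumps({"serviceTicket": service_ticket, "key": store_id_key})
    # urllib adds the Host and Content-Length headers when the request is sent.
    return urllib.request.Request(
        RENEW_URIS[key_type], data=body.encode(), method="POST",
        headers={"Content-Type": "application/json"})

def make_sample_jwt(claims):
    """Constructed, unsigned sample token for trying the checks offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.signature"
```

To perform the renewal, pass the returned request to `urllib.request.urlopen`, store the `key` value from the JSON response, and record the time it was cached so `needs_renewal` can be applied to the new key.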
See also
Manage products from your services
Requesting a User Store ID for service-to-service authentication
Requesting a User Store ID from your service with XSTS tokens or OAuth 2.0
Authenticating your service with the Microsoft Store APIs
Microsoft.StoreServices library (GitHub)