keyCredential resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Contains a key credential associated with an application or a service principal. The keyCredentials property of the application and servicePrincipal entities is a collection of keyCredential.
To add a keyCredential using Microsoft Graph, see Add a certificate to an app using Microsoft Graph.
Properties
| Property | Type | Description |
|---|---|---|
| customKeyIdentifier | Binary | A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate. |
| displayName | String | The friendly name for the key, with a maximum length of 90 characters. Longer values are accepted but shortened. Optional. |
| endDateTime | DateTimeOffset | The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| key | Binary | Value for the key credential. Should be a Base64 encoded value. Returned only on $select for a single object, that is, GET applications/{applicationId}?$select=keyCredentials or GET servicePrincipals/{servicePrincipalId}?$select=keyCredentials; otherwise, it's always null. From a .cer certificate, you can read the key using the Convert.ToBase64String() method. For more information, see Get the certificate key. |
| keyId | Guid | The unique identifier for the key. |
| startDateTime | DateTimeOffset | The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| type | String | The type of key credential; for example, Symmetric, AsymmetricX509Cert, or X509CertAndPassword. |
| usage | String | A string that describes the purpose for which the key can be used; for example, None, Verify, PairwiseIdentifier, Delegation, Decrypt, Encrypt, HashedIdentifier, SelfSignedTls, or Sign. If usage is Sign, the type should be X509CertAndPassword, and the passwordCredentials for signing should be defined. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.keyCredential",
"customKeyIdentifier": "Binary",
"displayName": "String",
"endDateTime": "String (timestamp)",
"key": "Binary",
"keyId": "Guid",
"startDateTime": "String (timestamp)",
"type": "String",
"usage": "String"
}