Revoke Signing Keys

​

Prerequisites

• Before you can revoke a previously-used signing key, you must first have rotated the key. To learn more, read Rotate Signing Keys, or see the Rotate and revoke signing key section below.
• Make sure you have updated your application or API with the new key before you revoke the previous key.

​

Use the Dashboard

​

Revoke previously used signing key

1. Go to Dashboard > Settings > Signing Keys.
2. In the List of Valid Keys section, locate the Previously Used key, select the more options (…) menu, and select Revoke Key. The List of Valid Keys section lists the current signing key being used by your tenant, plus the next signing key that will be assigned should you choose to rotate your signing keys. If you have previously rotated signing keys, this section also lists the previously-used keys. The List of Revoked Keys section lists the last three revoked keys for your tenant.
3. Select Revoke to confirm.

​

Rotate and revoke signing key

1. Go to Dashboard > Settings > Signing Keys.
2. In the Rotation Settings section, locate the Rotate & Revoke Signing Key section, and select Rotate & Revoke Key.
3. Select Rotate & Revoke to confirm.

​

Use the Management API

1. To get a list of the signing keys, make a GET call to the Get all Application Signing Keys endpoint.
2. Make a PUT call to the Revoke an Application Signing Key by its Key ID endpoint. Be sure to replace the {yourKeyId} and {yourMgmtApiAccessToken} placeholder values with your signing key’s ID and Management API access token, respectively.

   curl --request PUT \
   --url 'https://{yourDomain}/api/v2/keys/signing/%7ByourKeyId%7D/revoke' \
   --header 'authorization: Bearer {yourMgmtApiAccessToken}'

​

Learn more

• Rotate Signing Keys
• View Signing Certificates
• Change Application Signing Algorithms