POST KeyManagement

The POST /KeyManagement method is used to renew the External Account Binding (EAB) KeyId and KeyValue for the requesting user. The EAB key for the user may then be used to re-register an ACME client (e.g. Certbot) with the Keyfactor ACME server. This method has no input parameters other than the standard headers (see Endpoint Common Features). On success, this method returns HTTP 200 OK with the EAB key.

Note:  This method does not issue a new EAB key if the requesting user does not have an existing EAB key. For that, see GET KeyManagement.
Tip:  To be able to make this call, the requesting user must have the EnrollmentUser role in the claims list either directly or via a group/role (see Access Control and Claims).
Important:  Running this command as a given user will invalidate the previous EAB information for that user and, as a result, invalidate any ACME client registrations made by that user with that EAB information. The ACME clients will need to be re-registered with the new EAB information.

Table 38: POST KeyManagement Response Data

| Name | Description |
| --- | --- |
| KeyId | A string containing the Keyfactor Command reference GUID for the EAB key issued to the external account (user) within the Keyfactor ACME server. This identifier allows the server to recognize which external account is associated with a given ACME request. |
| KeyValue | A Base64Url-encoded string containing the HMAC key used to sign the ACME request for external account binding. This key ensures the request is authenticated and that the ACME client is authorized to register with the server. |
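
As an added example (not Keyfactor code), this Python sketch shows how an ACME client uses the returned KeyId and KeyValue to build the externalAccountBinding JWS defined in RFC 8555 section 7.3.4, and why a binding signed with a superseded KeyValue no longer verifies. The GUIDs, key bytes, account JWK, URL and the `verify_eab` server-side check are constructed assumptions.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key_value: str, protected: str, payload: str) -> bytes:
    # KeyValue is Base64Url text; the HMAC key is the decoded bytes.
    return hmac.new(b64url_decode(key_value),
                    f"{protected}.{payload}".encode(), hashlib.sha256).digest()

def build_eab(key_id, key_value, account_jwk, new_account_url):
    """Client side: JWS over the account public key, keyed by KeyValue."""
    protected = b64url_encode(json.dumps(
        {"alg": "HS256", "kid": key_id, "url": new_account_url}).encode())
    payload = b64url_encode(json.dumps(account_jwk).encode())
    return {"protected": protected, "payload": payload,
            "signature": b64url_encode(_mac(key_value, protected, payload))}

def verify_eab(eab, current_keys):
    """Hypothetical server-side check against the currently valid EAB keys."""
    try:
        header = json.loads(b64url_decode(eab["protected"]))
        key_value = current_keys[header["kid"]]
        signature = b64url_decode(eab["signature"])
    except (KeyError, TypeError, ValueError):
        return False  # unknown KeyId or malformed input
    if header.get("alg") != "HS256":
        return False
    expected = _mac(key_value, eab["protected"], eab["payload"])
    return hmac.compare_digest(expected, signature)  # constant-time compare

# Constructed sample values, not real Keyfactor output.
OLD = ("11111111-1111-4111-8111-111111111111", b64url_encode(b"A" * 32))
NEW = ("22222222-2222-4222-8222-222222222222", b64url_encode(b"B" * 32))
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
NEW_ACCOUNT_URL = "https://acme.example.test/new-account"  # hypothetical URL
CURRENT_KEYS = dict([NEW])  # assumed server state after POST /KeyManagement

if __name__ == "__main__":
    for label, pair in (("new", NEW), ("old", OLD)):
        eab = build_eab(*pair, ACCOUNT_JWK, NEW_ACCOUNT_URL)
        print(label, "key verifies:", verify_eab(eab, CURRENT_KEYS))
```

Because KeyValue is the shared HMAC secret, the response body of this method should be stored and transmitted like any other credential.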