0

When running a POST with addKey using the old Azure AD Graph API (v1.6), https://graph.windows.net/tenant_id/applications/app_oid/addKey?api-version=1.6, I get a response body with a return value containing the keyId of the newly created keyCredential:

    "statusCode": 200,
    "body": {
        "odata.metadata": "https://graph.windows.net/tenantid/$metadata#Collection(Microsoft.DirectoryServices.KeyCredential)",
        "value": [
            {
                "customKeyIdentifier": "A053F5114BC7F7C07F700CF2C4ACE47BBFD82D23",
                "endDate": "2022-06-08T14:34:03Z",
                "keyId": "fbbaf346-168a-4c90-97ca-346bcd43988d",
                "startDate": "2020-06-08T14:34:03Z",
                "type": "AsymmetricX509Cert",
                "usage": "Verify",
                "value": null
            }
        ]
    },

When running a POST with addKey using the latest version of the Microsoft Graph API (Microsoft Graph REST API v1.0), https://graph.microsoft.com/v1.0/applications/app_oid/addKey, I get a response body without the return value containing the keyId of the newly created keyCredential (the new keyCredential is created and can be seen in the list of keyCredentials belonging to the application, in the Azure portal):

    "statusCode": 200,
    "body": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.keyCredential"
    }

Is there a way to get a return value containing the keyId (like in the Azure AD Graph API v1.6 example above) in the response?

Darrel Miller

2 Answers

0

According to the MS Graph documentation, you get odata.context by using

POST https://graph.microsoft.com/v1.0/applications/{id}/addKey

and you can get the key Id of the key credential by using the below query.

https://graph.microsoft.com/v1.0/applications/id
Sruthi J
  • Thanks for your answer, but the query (the latter) you are referring to will return the whole application-object, will it not (the id in the query is the application id)? When the application contains more than one keyCredential, you can't know which keyCredential is the one you just created. – user12041174 Jun 08 '20 at 22:29
  • Yes, ID is referred to as application id. Generally, if you upload a certificate directly, it has the start date as the created date by default. So you get the latest key credentials by using the start date. – Sruthi J Jun 10 '20 at 19:10
  • Yes, the date can be used, but if you have the private part of the keyCredential stored together with the keyId in some safe storage, it will be much easier to use [_removeKey_](https://learn.microsoft.com/en-us/graph/api/application-removekey?view=graph-rest-1.0&tabs=http#http-request) when you want to delete it. _removeKey_ takes the _keyId_ of the keyCredential as input. I was just wondering if it is possible to get this _keyId_ in the response from _addKey_ like in the old Azure AD Graph API. – user12041174 Jun 11 '20 at 07:24
  • Currently, it is not possible; please raise a [uservoice](https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requestsy) – Sruthi J Jun 11 '20 at 15:00
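
One way to recover the keyId that addKey does not return, as an added example (not code from the question, the answers or Microsoft): read the keyCredentials array from GET /applications/{id} before and after the addKey call and diff by keyId, falling back to the latest startDate as suggested in the comments above. The function name `new_key_id` and the sample credentials are constructed; only the last keyId is taken from the question.

```python
from datetime import datetime


def _ts(value):
    # Timestamps in the responses look like 2020-06-08T14:34:03Z (UTC).
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def new_key_id(after, before=None):
    """Return the keyId of the keyCredential created by addKey.

    after/before are the keyCredentials arrays from
    GET /applications/{id}, read after and (optionally) before the call.
    """
    candidates = list(after)
    if before is not None:
        # Primary method: anything whose keyId was not present before is new.
        known = {cred["keyId"] for cred in before}
        candidates = [cred for cred in after if cred["keyId"] not in known]
    if not candidates:
        raise LookupError("no new keyCredential found")
    if len(candidates) == 1:
        return candidates[0]["keyId"]
    # No snapshot, or a concurrent writer added keys too: use the startDate
    # heuristic from the comments, but refuse to guess when it is a tie.
    ranked = sorted(candidates, key=lambda c: _ts(c["startDate"]), reverse=True)
    if _ts(ranked[0]["startDate"]) == _ts(ranked[1]["startDate"]):
        raise LookupError("ambiguous: several keyCredentials share the latest startDate")
    return ranked[0]["keyId"]


# Constructed sample data: two pre-existing credentials (made-up keyIds)
# plus the credential from the question as the newly added one.
SAMPLE_BEFORE = [
    {"keyId": "11111111-1111-1111-1111-111111111111", "startDate": "2019-01-15T09:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222", "startDate": "2020-02-01T12:30:00Z"},
]
SAMPLE_AFTER = SAMPLE_BEFORE + [
    {"keyId": "fbbaf346-168a-4c90-97ca-346bcd43988d", "startDate": "2020-06-08T14:34:03Z"},
]

if __name__ == "__main__":
    print(new_key_id(SAMPLE_AFTER, SAMPLE_BEFORE))
```

The recovered keyId can then be stored next to the private key, so that a later removeKey call targets exactly that credential.
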
0

Currently it is not possible to get the keyId in the return value from addKey using Microsoft Graph REST API v1.0, according to MSFT. Uservoice can be raised.