Rotate the calling application's EC keypair

curl --request POST \
  --url https://idaas.yourflexpay.com/api/v1/applications/keys/rotate \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "message": "<string>",
  "errorCode": "<string>",
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "appHandle": "walletapp",
    "clientId": "<string>",
    "clientSecret": "<string>",
    "active": true,
    "redirectUris": "<string>",
    "transactionWebhookUrl": "<string>",
    "webhookSecret": "<string>",
    "metadata": {},
    "logoUrl": "<string>",
    "appPublicKeyJwk": {
      "kty": "<string>",
      "crv": "<string>",
      "x": "<string>",
      "y": "<string>",
      "use": "<string>",
      "alg": "<string>",
      "d": "<string>"
    },
    "appPrivateJwk": {
      "kty": "<string>",
      "crv": "<string>",
      "x": "<string>",
      "y": "<string>",
      "use": "<string>",
      "alg": "<string>",
      "d": "<string>"
    },
    "encryptionEnabled": true,
    "keyVersion": 1,
    "createdAt": "2023-11-07T05:31:56Z"
  },
  "errors": [
    "<string>"
  ],
  "timestamp": "2023-11-07T05:31:56Z"
}

Authentication

Rotate the calling application's EC keypair

Generates a fresh EC P-256 keypair for the authenticated application and returns the new public key (JWK) and private key material (appPrivateJwk).

The private JWK is returned only once - store it securely. After rotation:

IDaaS will encrypt all outbound webhooks with the new public key.
Requests encrypted with the old public key will be rejected (Content-Encryption: JWE decryption will fail).
Allow a brief migration window for in-flight messages before destroying the old private key.

The keyVersion field is incremented on each rotation.

POST

applications

keys

rotate

Rotate the calling application's EC keypair

curl --request POST \
  --url https://idaas.yourflexpay.com/api/v1/applications/keys/rotate \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "message": "<string>",
  "errorCode": "<string>",
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "appHandle": "walletapp",
    "clientId": "<string>",
    "clientSecret": "<string>",
    "active": true,
    "redirectUris": "<string>",
    "transactionWebhookUrl": "<string>",
    "webhookSecret": "<string>",
    "metadata": {},
    "logoUrl": "<string>",
    "appPublicKeyJwk": {
      "kty": "<string>",
      "crv": "<string>",
      "x": "<string>",
      "y": "<string>",
      "use": "<string>",
      "alg": "<string>",
      "d": "<string>"
    },
    "appPrivateJwk": {
      "kty": "<string>",
      "crv": "<string>",
      "x": "<string>",
      "y": "<string>",
      "use": "<string>",
      "alg": "<string>",
      "d": "<string>"
    },
    "encryptionEnabled": true,
    "keyVersion": 1,
    "createdAt": "2023-11-07T05:31:56Z"
  },
  "errors": [
    "<string>"
  ],
  "timestamp": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization

string

header

required

Obtain a token from POST /v1/auth/token using your client_id and client_secret, then enter Bearer <token> here.

Response

Keypair rotated - new key material returned

success

boolean

message

string

errorCode

string

data

object

Registered application (tenant) details

Show child attributes

errors

string[]

timestamp

string<date-time>

Rotate the calling application's webhook signing secret Get a single webhook record by UUID