Partilhar via


Certificate - Refresh Secret

From KeyVault, Refresh the certificate being used for authentication with the backend.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/certificates/{certificateId}/refreshSecret?api-version=2021-08-01

URI Parameters

Name In Required Type Description
certificateId
path True

string

Identifier of the certificate entity. Must be unique in the current API Management service instance.

Regex pattern: ^[^*#&+:<>?]+$

resourceGroupName
path True

string

The name of the resource group.

serviceName
path True

string

The name of the API Management service.

Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$

subscriptionId
path True

string

Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True

string

Version of the API to be used with the client request.

Responses

Name Type Description
200 OK

CertificateContract

The certificate details were successfully updated.

Headers

ETag: string

Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ApiManagementRefreshCertificate

Sample request

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv/refreshSecret?api-version=2021-08-01

Sample response

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "templateCertkv",
  "properties": {
    "subject": "CN=*.msitesting.net",
    "thumbprint": "EA**********************9AD690",
    "expirationDate": "2037-01-01T07:00:00Z",
    "keyVault": {
      "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
      "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      "lastStatus": {
        "code": "Success",
        "timeStampUtc": "2020-09-22T00:24:53.3191468Z"
      }
    }
  }
}

Definitions

Name Description
CertificateContract

Certificate details.

ErrorFieldContract

Error Field contract.

ErrorResponse

Error Response.

KeyVaultContractProperties

KeyVault contract details.

KeyVaultLastAccessStatusContractProperties

Issue contract Update Properties.

CertificateContract

Certificate details.

Name Type Description
id

string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name

string

The name of the resource

properties.expirationDate

string

Expiration date of the certificate. The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.

properties.keyVault

KeyVaultContractProperties

KeyVault location details of the certificate.

properties.subject

string

Subject attribute of the certificate.

properties.thumbprint

string

Thumbprint of the certificate.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

ErrorFieldContract

Error Field contract.

Name Type Description
code

string

Property level error code.

message

string

Human-readable representation of property-level error.

target

string

Property name.

ErrorResponse

Error Response.

Name Type Description
error.code

string

Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.

error.details

ErrorFieldContract[]

The list of invalid fields send in request, in case of validation error.

error.message

string

Human-readable representation of the error.

KeyVaultContractProperties

KeyVault contract details.

Name Type Description
identityClientId

string

Null for SystemAssignedIdentity or Client Id for UserAssignedIdentity , which will be used to access key vault secret.

lastStatus

KeyVaultLastAccessStatusContractProperties

Last time sync and refresh status of secret from key vault.

secretIdentifier

string

Key vault secret identifier for fetching secret. Providing a versioned secret will prevent auto-refresh. This requires API Management service to be configured with aka.ms/apimmsi

KeyVaultLastAccessStatusContractProperties

Issue contract Update Properties.

Name Type Description
code

string

Last status code for sync and refresh of secret from key vault.

message

string

Details of the error else empty.

timeStampUtc

string

Last time secret was accessed. The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.