POST /api/adm/KeyStores/generation
Generate Keystore
curl --request POST \
  --url https://localhost:44371/api/adm/KeyStores/generation \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Generates a new AES-256 encryption key and creates a keystore entry with activation and expiration dates calculated based on system configuration. This is the preferred method for creating encryption keys as it uses the system’s CSPRNG.

Input

None required.

Output

Returns a KeystoreGenerationCommandResponse containing details of the generated keystore.

Example Request

POST /api/adm/KeyStores/generation
Authorization: Bearer {token}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "keystoreId": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a",
  "activationDate": "2024-01-15T10:30:00Z",
  "expirationDate": "2025-01-15T10:30:00Z",
  "keyStrength": "AES-256"
}

Errors

  • 400 Bad Request — Key generation failed due to system configuration issues.
  • 401 Unauthorized — Missing or invalid authentication.
  • 404 Not Found — Required system resources for key generation not available.
  • 500 Internal Server Error — Unexpected error during generation (RNG or database issues).

Notes

  • Generation process: generate 256-bit AES key, set activation date to current, calculate expiration date, store encrypted.
  • Rotation workflow: generate 30-60 days before expiration, set activation overlap, re-encrypt data, deactivate old key.
  • Best practices: generate in secure environments, audit events, backup keys, test in non-production, schedule during low traffic.
  • Comply with PCI-DSS, GDPR, and applicable data security standards.
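
The rotation window from the notes above, applied to a generation response, as an added example (not part of this API's documentation or code): it checks that a returned `keyBase64` decodes to 32 bytes and classifies a date against the 30-60 day window. The function names, the status labels, and the combination of `keyBase64` with the example-response fields in one object are assumptions.

```python
import base64
from datetime import datetime, timedelta

# Window from the Notes: generate the successor key 30-60 days before expiration.
ROTATE_EARLIEST = timedelta(days=60)
ROTATE_LATEST = timedelta(days=30)

def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the example response."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_generation_response(resp):
    """Return a list of problems (empty = OK). Never echoes key material."""
    if resp.get("success") is not True:
        return ["generation failed: %s" % resp.get("errorMessage")]
    problems = []
    if resp.get("keyStrength", "AES-256") != "AES-256":
        problems.append("unexpected keyStrength")
    key_b64 = resp.get("keyBase64")
    if key_b64 is not None:  # the field is nullable in the schema
        try:
            raw = base64.b64decode(key_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("keyBase64 is not valid base64")
        else:
            if len(raw) != 32:  # AES-256 means a 256-bit (32-byte) key
                problems.append("key is %d bytes, expected 32" % len(raw))
    if parse_ts(resp["expirationDate"]) <= parse_ts(resp["activationDate"]):
        problems.append("expirationDate not after activationDate")
    return problems

def rotation_status(resp, now):
    """Classify timezone-aware `now` against the 30-60 day rotation window."""
    expires = parse_ts(resp["expirationDate"])
    if now >= expires:
        return "expired"
    if now > expires - ROTATE_LATEST:
        return "overdue"      # fewer than 30 days left, window already missed
    if now >= expires - ROTATE_EARLIEST:
        return "rotate_now"   # inside the 30-60 day window
    return "ok"

# Constructed sample: the page's example response plus a dummy all-zero key.
SAMPLE = {"success": True, "code": 200, "errorMessage": None,
          "keystoreId": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a",
          "activationDate": "2024-01-15T10:30:00Z",
          "expirationDate": "2025-01-15T10:30:00Z",
          "keyStrength": "AES-256", "keyBase64": base64.b64encode(bytes(32)).decode()}
```

Because the response schema can carry key material in `keyBase64`, the checker reports only lengths and decoding failures, so its output is safe to write to an audit log.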

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Response

Returns the ID and details of the newly generated keystore.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Represents the response containing generated key material for client consumption.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options: Unknown, Success, BadRequest, Unauthorized, NotFound, Error

Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

keyBase64
string | null

The generated key encoded in base64 format.

ivBase64
string | null

The generated initialization vector encoded in base64 format.