Skip to main content
API docs by Redocly

Locksmith (v1)

Download OpenAPI specification:Download

Account

/MicrosoftIdentity/Account/SignIn/{scheme}

Authorizations:
Entra ID
path Parameters
scheme
required
string
query Parameters
redirectUri
string

Responses

/MicrosoftIdentity/Account/Challenge/{scheme}

Authorizations:
Entra ID
path Parameters
scheme
required
string
query Parameters
redirectUri
string
scope
string
loginHint
string
domainHint
string
claims
string
policy
string

Responses

/MicrosoftIdentity/Account/SignOut/{scheme}

Authorizations:
Entra ID
path Parameters
scheme
required
string

Responses

/MicrosoftIdentity/Account/ResetPassword/{scheme}

Authorizations:
Entra ID
path Parameters
scheme
required
string

Responses

/MicrosoftIdentity/Account/EditProfile/{scheme}

Authorizations:
Entra ID
path Parameters
scheme
required
string

Responses

Credentials

Get list of all integration credentials.

Authorizations:
Entra ID
query Parameters
CredentialType
string
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Creates a credential in the database and stores the secret in the locksmith's default key vault.

Authorizations:
Entra ID
Request Body schema:

Get list of all integration credentials.

CredentialTypes: ManagedIdentity, Secret, Key and Certificate

type
required
string or null
displayName
required
string or null
identifier
required
string or null
secret
required
string or null

Responses

Request samples

Content type
{
  • "type": "string",
  • "displayName": "string",
  • "identifier": "string",
  • "secret": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the integration credential.

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

The unique identifier for the integration credential.

Responses

Response samples

Content type
No sample

Update properties of the integration credential.

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

The unique identifier for the integration credential.

Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
identifier
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "identifier": "string"
}

Delete the integration credential.

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

The unique identifier for the integration credential.

Responses

Providers

Gets the paginated list of providers of all types.

Authorizations:
Entra ID
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create provider configuration.

Authorizations:
Entra ID
Request Body schema:

The body of the request.

type
required
string or null
displayName
required
string or null
credentialId
required
string <uuid>
tenantId
string or null
teamId
string or null

Responses

Request samples

Content type
{
  • "type": "string",
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string",
  • "teamId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the provider.

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

Update properties of the provider

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>
Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
credentialId
string or null <uuid>
tenantId
string or null
teamId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string",
  • "teamId": "string"
}

Delete the provider configuration.

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Gets the paginated list of providers.

Authorizations:
Entra ID
path Parameters
Type
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create provider configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Request Body schema:

The body of the request.

displayName
required
string or null
credentialId
required
string <uuid>
tenantId
string or null
teamId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string",
  • "teamId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the provider.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

Update properties of the provider

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
credentialId
string or null <uuid>
tenantId
string or null
teamId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string",
  • "teamId": "string"
}

Delete the provider configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Get a list of configured secrets for specified provider.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified provider.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Get a list of available application secrets with app credentials for the Entra ID provider using Microsoft Graph API.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
query Parameters
searCriteria
string

Optional parameter to narrow down the results

Responses

Response samples

Content type
No sample

Get a list of configured secrets for the specified provider type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create provider secret configuration for the specified provider.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
Request Body schema:

The body of the request.

appId
string or null
appCredentialName
string or null
appCredentialId
string or null
displayName
string or null
serviceId
string or null
audience
string or null

Responses

Request samples

Content type
{
  • "appId": "string",
  • "appCredentialName": "string",
  • "appCredentialId": "string",
  • "displayName": "string",
  • "serviceId": "string",
  • "audience": "string"
}

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified provider type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

/api/Providers/{Type}/{Id}/secrets/{SecretType}/{SecretId}

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>
Request Body schema:
displayName
string or null
serviceId
string or null
audience
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "serviceId": "string",
  • "audience": "string"
}

Delete the secret configuration for the specified provider type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Gets the list of store secrets linked to the specified provider secret.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Rotate the secret for the specified provider type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>
query Parameters
lifetimeDays
integer <int32>

For EntraId the default is 180 days. For Apple, if set, overrides the LifetimeSeconds property of the provider secret.

Responses

Receivers

Gets the paginated list of receivers of all types.

Authorizations:
Entra ID
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create receiver configuration.

Authorizations:
Entra ID
Request Body schema:

The body of the request.

type
required
string or null
displayName
required
string or null
credentialId
required
string <uuid>
tenantId
string or null

Responses

Request samples

Content type
{
  • "type": "string",
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the receiver.

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

Update properties of the receiver

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>
Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
credentialId
string or null <uuid>
tenantId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string"
}

Delete the receiver configuration.

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Gets the paginated list of receivers.

Authorizations:
Entra ID
path Parameters
Type
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create receiver configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Request Body schema:

The body of the request.

displayName
required
string or null
credentialId
string <uuid>
tenantId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the receiver.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

Update properties of the receiver

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
credentialId
string or null <uuid>
tenantId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "tenantId": "string"
}

Delete the receiver configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Get a list of configured secrets for specified receiver.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified receiver.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Gets the list of policy keys of the receiver from Azure with the graph API

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string

Responses

Response samples

Content type
No sample

Get a list of configured secrets for the specified receiver type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create receiver secret configuration for the specified receiver.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
Request Body schema:

The body of the request.

displayName
string or null
keysetId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "keysetId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified receiver type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

/api/Receivers/{Type}/{Id}/secrets/{SecretType}/{SecretId}

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>
Request Body schema:
displayName
string or null

Responses

Request samples

Content type
{
  • "displayName": "string"
}

Delete the secret configuration for the specified receiver type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Gets the list of store secrets linked to the specified receiver secret.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Forces the update of the receiver secret value from latest secret store value. The secret should be mapped to a store secret.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Scheduler

/api/Scheduler/jobs/types

Authorizations:
Entra ID

Responses

Response samples

Content type
No sample

/api/Scheduler/jobs

Authorizations:
Entra ID

Responses

Response samples

Content type
No sample

/api/Scheduler/jobs

Authorizations:
Entra ID
Request Body schema:
jobType
required
string or null
identity
required
string or null
cronExpression
required
string or null
triggerName
string or null
triggerGroup
string or null

Responses

Request samples

Content type
{
  • "jobType": "string",
  • "identity": "string",
  • "cronExpression": "string",
  • "triggerName": "string",
  • "triggerGroup": "string"
}

/api/Scheduler/jobs/{identity}

Authorizations:
Entra ID
path Parameters
identity
required
string^[A-Za-z]*$

Responses

Response samples

Content type
No sample

/api/Scheduler/jobs/{identity}

Authorizations:
Entra ID
path Parameters
identity
required
string^[A-Za-z]*$
Request Body schema:
cronExpression
required
string or null

Responses

Request samples

Content type
{
  • "cronExpression": "string"
}

/api/Scheduler/jobs/{identity}

Authorizations:
Entra ID
path Parameters
identity
required
string^[A-Za-z]*$

Responses

/api/Scheduler/jobs/{identity}/run

Authorizations:
Entra ID
path Parameters
identity
required
string^[A-Za-z]*$

Responses

Stores

Gets the paginated list of stores of all types.

Authorizations:
Entra ID
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create store configuration.

Authorizations:
Entra ID
Request Body schema:

The body of the request.

type
required
string or null
displayName
required
string or null
credentialId
required
string <uuid>
endpoint
string or null
tenantId
string or null

Responses

Request samples

Content type
{
  • "type": "string",
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "endpoint": "string",
  • "tenantId": "string"
}

Response samples

Content type
No sample

Gets a secret store by Id

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

Update properties of the store

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>
Request Body schema:

Specification of the changes to be applied to the resource

displayName
string or null
endpoint
string or null
tenantId
string or null
credentialId
string or null <uuid>

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "endpoint": "string",
  • "tenantId": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e"
}

Delete the store configuration.

Authorizations:
Entra ID
path Parameters
Id
required
string <uuid>

Responses

Gets the paginated list of stores.

Authorizations:
Entra ID
path Parameters
Type
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create store configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Request Body schema:

The body of the request.

displayName
required
string or null
credentialId
required
string <uuid>
endpoint
string or null
tenantId
string or null

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e",
  • "endpoint": "string",
  • "tenantId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of the store.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Response samples

Content type
No sample

/api/Stores/{Type}/{Id}

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
Request Body schema:
displayName
string or null
endpoint
string or null
tenantId
string or null
credentialId
string or null <uuid>

Responses

Request samples

Content type
{
  • "displayName": "string",
  • "endpoint": "string",
  • "tenantId": "string",
  • "credentialId": "f568fec0-10b6-4b94-9daf-e62c50c9bf3e"
}

Delete the store configuration.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>

Responses

Get a list of configured secrets for specified store.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified store.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Gets the paginated list of all the secrets from all stores

Authorizations:
Entra ID
path Parameters
Type
required
string
SecretType
required
string

Responses

Response samples

Content type
No sample

Retrieves the list of secrets from the azure key vault

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string

Responses

Response samples

Content type
No sample

Get a list of configured secrets for the specified store type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
query Parameters
PageNumber
integer <int32>
PageSize
integer <int32>

Responses

Response samples

Content type
No sample

Create store secret configuration for the specified store.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
Request Body schema:

The body of the request.

keyVaultItemId
required
string or null

Responses

Request samples

Content type
{
  • "keyVaultItemId": "string"
}

Response samples

Content type
No sample

Read properties and relationships of configured secret for the specified store type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Delete the secret configuration for the specified store type.

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Retrieves the provider secret and receiver secrets mapped to the store secret

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>

Responses

Response samples

Content type
No sample

Maps a store secret to a provider secret and/or one or more receiver secrets

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>
Request Body schema:

The body of the request

providerSecretId
string or null <uuid>
receiverSecretsIds
Array of strings or null <uuid> [ items <uuid > ]

Responses

Request samples

Content type
{
  • "providerSecretId": "d2a68069-0c37-4ec7-ade8-6372e6f1eb7a",
  • "receiverSecretsIds": [
    ]
}

Checks for the mapped provider and generates a new client secret then updates the secret value in the secret store (KeyVault), then checks for the receiver that is mapped to the secret link and auto-updates policy key value

Authorizations:
Entra ID
path Parameters
Type
required
string
Id
required
string <uuid>
SecretType
required
string
SecretId
required
string <uuid>
query Parameters
validDays
integer <int32>

The valid dates of the new secret

Responses

Test

/api/Test/jobs/SecretExpirationMonitor/schedule

Authorizations:
Entra ID

Responses

Response samples

Content type
No sample

/api/Test/jobs/SecretExpirationMonitor/schedule

Authorizations:
Entra ID
Request Body schema:
cronExpression
required
string or null

Responses

Request samples

Content type
{
  • "cronExpression": "string"
}

/api/Test/NotificationSettings

Authorizations:
Entra ID

Responses

Response samples

Content type
No sample

/api/Test/NotificationSettings

Authorizations:
Entra ID
Request Body schema:
id
string <uuid>
selectedNotifierId
string <uuid>
emailFrom
required
string or null

Responses

Request samples

Content type
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "selectedNotifierId": "2acf9576-008c-4eb6-9e45-04fdedb423bf",
  • "emailFrom": "string"
}

/api/Test/NotificationSettings/{id}/recipients

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

Responses

Response samples

Content type
No sample

/api/Test/NotificationSettings/recipients

Authorizations:
Entra ID
Request Body schema:
id
string <uuid>
newRecipientEmail
required
string or null

Responses

Request samples

Content type
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "newRecipientEmail": "string"
}

/api/Test/NotificationSettings/recipients

Authorizations:
Entra ID
Request Body schema:
id
string <uuid>
recipientEmail
required
string or null

Responses

Request samples

Content type
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "recipientEmail": "string"
}

/api/Test/Email/SendTemplate

Authorizations:
Entra ID
Request Body schema:
subject
required
string or null
template
required
string or null
data
required
any or null

Responses

Request samples

Content type
{
  • "subject": "string",
  • "template": "string",
  • "data": null
}

/api/Test/Secret/{id}/Notifications/toggle

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

Responses

/api/Test/Secret/{id}/Autorotate/toggle

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

Responses

/api/Test/Secret/{id}/settings

Authorizations:
Entra ID
path Parameters
id
required
string <uuid>

Responses

/api/Test/LinkProviderSecret

Authorizations:
Entra ID
Request Body schema:
storeSecretId
string <uuid>
providerSecretType
required
string or null
providerId
string <uuid>
appId
string <uuid>
credentialName
required
string or null
validDays
number or null <double>

Responses

Request samples

Content type
{
  • "storeSecretId": "6bc5af38-fd04-4a96-b5cf-95e4dc11dfce",
  • "providerSecretType": "string",
  • "providerId": "4834bcdc-4a64-444d-966b-1a6fe381da24",
  • "appId": "28c365d5-df94-4a54-8217-3ce51d068868",
  • "credentialName": "string",
  • "validDays": 0.1
}

/api/Test/LinkReceiverSecret

Authorizations:
Entra ID
Request Body schema:
storeSecretId
string <uuid>
receiverSecretType
required
string or null
receiverId
string <uuid>
keySetId
required
string or null

Responses

Request samples

Content type
{
  • "storeSecretId": "6bc5af38-fd04-4a96-b5cf-95e4dc11dfce",
  • "receiverSecretType": "string",
  • "receiverId": "2ec2e5a9-5968-4568-baf3-a525f7f8b9a6",
  • "keySetId": "string"
}