---
title: AndroidKeyAttestation
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-androidkeyattestation
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-androidkeyattestation.html
section_ids:
sec-amster-entity-androidkeyattestation-realm-ops: Realm Operations
sec-amster-entity-androidkeyattestation-realm-ops-create: create
sec-amster-entity-androidkeyattestation-realm-ops-delete: delete
sec-amster-entity-androidkeyattestation-realm-ops-getalltypes: getAllTypes
sec-amster-entity-androidkeyattestation-realm-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-androidkeyattestation-realm-ops-nextdescendents: nextdescendents
sec-amster-entity-androidkeyattestation-realm-ops-read: read
sec-amster-entity-androidkeyattestation-realm-ops-update: update
sec-amster-entity-androidkeyattestation-global-ops: Global Operations
sec-amster-entity-androidkeyattestation-global-ops-getalltypes: getAllTypes
sec-amster-entity-androidkeyattestation-global-ops-getcreatabletypes: getCreatableTypes
sec-amster-entity-androidkeyattestation-global-ops-nextdescendents: nextdescendents
sec-amster-entity-androidkeyattestation-global-ops-read: read
sec-amster-entity-androidkeyattestation-global-ops-update: update
---
# AndroidKeyAttestation
## Realm Operations
Resource path:
```
/realm-config/services/androidKeyAttestation
```
Resource version: `0.0`
### create
**Usage**
```
am> create AndroidKeyAttestation --realm Realm --body body
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"crlUrl" : {
"title" : "Certificate revocation status list URL",
"description" : "The URL to retrieve the certificate revocation status list (CRL).
Keys are checked against the revocation status list to ensure they have not been revoked or suspended. Keys can be revoked for a number of reasons, including mishandling or suspected extraction by an attacker. Defaults to the list maintained by Google. Refer to https://android.googleapis.com/attestation/status",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"publicKeyUrl" : {
"title" : "Google hardware attestation root certificate URL",
"description" : "[Optional] The URL to retrieve the Google hardware attestation root certificate.
The root certificate of the chain is validated against builtin certificates provided by Google. Refer to Verifying hardware-backed key pairs with Key Attestation | Android Developers. You can override these defaults by providing the URL to a different hardware attestation certificate. The built-in certificates are used if this property is empty or a certificate cannot be obtained from the URL provided.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
}
}
}
```
### delete
**Usage**
```
am> delete AndroidKeyAttestation --realm Realm
```
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action AndroidKeyAttestation --realm Realm --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action AndroidKeyAttestation --realm Realm --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action AndroidKeyAttestation --realm Realm --actionName nextdescendents
```
### read
**Usage**
```
am> read AndroidKeyAttestation --realm Realm
```
### update
**Usage**
```
am> update AndroidKeyAttestation --realm Realm --body body
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"crlUrl" : {
"title" : "Certificate revocation status list URL",
"description" : "The URL to retrieve the certificate revocation status list (CRL).
Keys are checked against the revocation status list to ensure they have not been revoked or suspended. Keys can be revoked for a number of reasons, including mishandling or suspected extraction by an attacker. Defaults to the list maintained by Google. Refer to https://android.googleapis.com/attestation/status",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
},
"publicKeyUrl" : {
"title" : "Google hardware attestation root certificate URL",
"description" : "[Optional] The URL to retrieve the Google hardware attestation root certificate.
The root certificate of the chain is validated against builtin certificates provided by Google. Refer to Verifying hardware-backed key pairs with Key Attestation | Android Developers. You can override these defaults by providing the URL to a different hardware attestation certificate. The built-in certificates are used if this property is empty or a certificate cannot be obtained from the URL provided.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
}
}
}
```
## Global Operations
Resource path:
```
/global-config/services/androidKeyAttestation
```
Resource version: `1.0`
### getAllTypes
Obtain the collection of all secondary configuration types related to the resource.
**Usage**
```
am> action AndroidKeyAttestation --global --actionName getAllTypes
```
### getCreatableTypes
Obtain the collection of secondary configuration types that have yet to be added to the resource.
**Usage**
```
am> action AndroidKeyAttestation --global --actionName getCreatableTypes
```
### nextdescendents
Obtain the collection of secondary configuration instances that have been added to the resource.
**Usage**
```
am> action AndroidKeyAttestation --global --actionName nextdescendents
```
### read
**Usage**
```
am> read AndroidKeyAttestation --global
```
### update
**Usage**
```
am> update AndroidKeyAttestation --global --body body
```
**Parameters**
* *\--body*
The resource in JSON format, described by the following JSON schema:
```json
{
"type" : "object",
"properties" : {
"cacheDuration" : {
"title" : "Cache duration (hours)",
"description" : "The number of hours to cache the Certificate revocation status list and Google hardware attestation root certificate.
Defaults to one day (24). Specify 0 to prevent caching.",
"propertyOrder" : 200,
"required" : true,
"type" : "integer",
"exampleValue" : ""
},
"defaults" : {
"properties" : {
"publicKeyUrl" : {
"title" : "Google hardware attestation root certificate URL",
"description" : "[Optional] The URL to retrieve the Google hardware attestation root certificate.
The root certificate of the chain is validated against builtin certificates provided by Google. Refer to Verifying hardware-backed key pairs with Key Attestation | Android Developers. You can override these defaults by providing the URL to a different hardware attestation certificate. The built-in certificates are used if this property is empty or a certificate cannot be obtained from the URL provided.",
"propertyOrder" : 200,
"required" : false,
"type" : "string",
"exampleValue" : ""
},
"crlUrl" : {
"title" : "Certificate revocation status list URL",
"description" : "The URL to retrieve the certificate revocation status list (CRL).
Keys are checked against the revocation status list to ensure they have not been revoked or suspended. Keys can be revoked for a number of reasons, including mishandling or suspected extraction by an attacker. Defaults to the list maintained by Google. Refer to https://android.googleapis.com/attestation/status",
"propertyOrder" : 100,
"required" : true,
"type" : "string",
"exampleValue" : ""
}
},
"type" : "object",
"title" : "Realm Defaults"
}
}
}
```