# POST /v2/idps

> Create a new identity provider configuration.
The request will fail if the maximum allowed number of separate configurations is reached.



## OpenAPI

````yaml /openapi/json-ledger-api/openapi.yaml post /v2/idps
openapi: 3.0.3
info:
  title: JSON Ledger API HTTP endpoints
  version: 3.5.6
  description: >-
    This specification version fixes the API inconsistencies where certain
    fields marked as required in the spec are in fact optional.

    If you use a code generation tool based on this file, you might need to adjust
    the existing application code to handle those fields as optional.

    If you do not want to change your client code, continue using the OpenAPI
    specification for the latest Canton 3.4 patch release.

    MINIMUM_CANTON_VERSION=3.5.6
servers: []
security: []
paths:
  /v2/idps:
    post:
      summary: POST /v2/idps
      description: >-
        Create a new identity provider configuration.

        The request will fail if the maximum allowed number of separate
        configurations is reached.
      operationId: postV2Idps
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateIdentityProviderConfigRequest'
        required: true
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateIdentityProviderConfigResponse'
        '400':
          description: 'Invalid value, Invalid value for: body'
          content:
            text/plain:
              schema:
                type: string
        default:
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/JsCantonError'
      security:
        - httpAuth: []
        - apiKeyAuth: []
components:
  schemas:
    CreateIdentityProviderConfigRequest:
      title: CreateIdentityProviderConfigRequest
      type: object
      required:
        - identityProviderConfig
      properties:
        identityProviderConfig:
          $ref: '#/components/schemas/IdentityProviderConfig'
          description: Required
    CreateIdentityProviderConfigResponse:
      title: CreateIdentityProviderConfigResponse
      type: object
      required:
        - identityProviderConfig
      properties:
        identityProviderConfig:
          $ref: '#/components/schemas/IdentityProviderConfig'
          description: Required
    JsCantonError:
      title: JsCantonError
      type: object
      required:
        - code
        - cause
        - context
        - errorCategory
      properties:
        code:
          type: string
        cause:
          type: string
        correlationId:
          type: string
        traceId:
          type: string
        context:
          $ref: '#/components/schemas/Map_String'
        resources:
          type: array
          items:
            $ref: '#/components/schemas/Tuple2_String_String'
        errorCategory:
          type: integer
          format: int32
        grpcCodeValue:
          type: integer
          format: int32
        retryInfo:
          type: string
        definiteAnswer:
          type: boolean
    IdentityProviderConfig:
      title: IdentityProviderConfig
      type: object
      required:
        - identityProviderId
        - issuer
        - jwksUrl
      properties:
        identityProviderId:
          description: |-
            The identity provider identifier
            Must be a valid LedgerString (as described in ``value.proto``).

            Required
          type: string
        isDeactivated:
          description: >-
            When set, the callers using JWT tokens issued by this identity
            provider are denied all access

            to the Ledger API.

            Modifiable


            Optional
          type: boolean
        issuer:
          description: >-
            Specifies the issuer of the JWT token.

            The issuer value is a case-sensitive URL using the https scheme that
            contains scheme, host,

            and optionally, port number and path components and no query or
            fragment components.

            Modifiable


            Can be left empty when used in `UpdateIdentityProviderConfigRequest`
            if the issuer is not being updated.


            Required
          type: string
        jwksUrl:
          description: >-
            The JWKS (JSON Web Key Set) URL.

            The Ledger API uses JWKs (JSON Web Keys) from the provided URL to
            verify that the JWT has been

            signed with the loaded JWK. Only RS256 (RSA Signature with SHA-256)
            signing algorithm is supported.

            Modifiable


            Required
          type: string
        audience:
          description: >-
            Specifies the audience of the JWT token.

            When set, the callers using JWT tokens issued by this identity
            provider are allowed access

            only if the "aud" claim includes the string specified here

            Modifiable


            Optional
          type: string
    Map_String:
      title: Map_String
      type: object
      additionalProperties:
        type: string
    Tuple2_String_String:
      title: Tuple2_String_String
      type: array
      maxItems: 2
      minItems: 2
      items:
        type: string
  securitySchemes:
    httpAuth:
      type: http
      description: Ledger API standard JWT token
      scheme: bearer
    apiKeyAuth:
      type: apiKey
      description: Ledger API standard JWT token (websocket)
      name: Sec-WebSocket-Protocol
      in: header

````
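
A pre-submission check for the request body, following the field descriptions in the schema above. This is an added example, not part of the Canton documentation or code: `check_idp_config`, `build_request` and the sample hosts are hypothetical, the two warnings are local hardening policy rather than spec requirements, and LedgerString syntax for `identityProviderId` is not checked.

```python
from urllib.parse import urlsplit
REQUIRED = ("identityProviderId", "issuer", "jwksUrl")  # schema `required` list

def check_idp_config(cfg):
    """Return (errors, warnings) for an IdentityProviderConfig dict."""
    errors, warnings = [], []
    for name in REQUIRED:
        if not isinstance(cfg.get(name), str) or not cfg[name]:
            errors.append(f"{name}: required non-empty string")
    if "isDeactivated" in cfg and not isinstance(cfg["isDeactivated"], bool):
        errors.append("isDeactivated: must be a boolean")
    if "audience" in cfg and not isinstance(cfg["audience"], str):
        errors.append("audience: must be a string")

    issuer = cfg.get("issuer")
    if isinstance(issuer, str) and issuer:
        # Spec text: https scheme, host, optional port and path, no query or fragment.
        try:
            host = urlsplit(issuer).hostname
        except ValueError:
            host = None
        if not issuer.startswith("https://"):
            errors.append("issuer: must use the https scheme")
        elif not host:
            errors.append("issuer: must contain a host")
        if "?" in issuer or "#" in issuer:
            errors.append("issuer: must not contain query or fragment")
    jwks = cfg.get("jwksUrl")
    # Local policy (assumption): signing keys fetched over plain HTTP can be replaced in transit.
    if isinstance(jwks, str) and jwks and not jwks.startswith("https://"):
        warnings.append("jwksUrl: not https")
    # Local policy (assumption): with no audience set, the "aud" claim is not restricted.
    if not cfg.get("audience"):
        warnings.append("audience: unset")
    return errors, warnings

def build_request(cfg):
    """Wrap a checked config as a CreateIdentityProviderConfigRequest body."""
    errors, _ = check_idp_config(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    return {"identityProviderConfig": cfg}

# Constructed sample values; the hosts are placeholders, not real endpoints.
GOOD = {"identityProviderId": "idp-example", "audience": "https://ledger.example.test",
        "issuer": "https://idp.example.test/realms/ledger",
        "jwksUrl": "https://idp.example.test/realms/ledger/certs"}
BAD = {"identityProviderId": "idp-example", "issuer": "http://idp.example.test/?tenant=a",
       "jwksUrl": "http://idp.example.test/certs"}
```

`build_request(GOOD)` returns the JSON body to POST to `/v2/idps` with a bearer token; `check_idp_config(BAD)` reports two issuer errors and both warnings.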