Skip to content

Duplicate KID

URI: https://docs.ankatech.co/errors/duplicate-kid
HTTP Status: 409 Conflict

When you see this

You tried to create, import, or register a key under a key identifier (kid) that already exists. Key identifiers must be unique within a tenant.

Common Causes

  • Generating a new key with a kid already in use.
  • Importing a keystore whose alias maps to an existing kid.
  • Re-running a provisioning script that creates the same kid twice.

Response Example

{
  "type": "https://docs.ankatech.co/errors/duplicate-kid",
  "title": "Duplicate KID",
  "status": 409,
  "detail": "A key with kid 'my-mlkem-key' already exists for this tenant.",
  "instance": "/api/v3/keys",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. Choose a different, unique kid for the new key.
  2. If you intended to replace the key, use the rotation endpoint instead of creating a new one under the same kid.
  3. List existing keys (GET /api/v3/keys) to confirm which identifiers are already taken, then re-submit.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.