Method: users.settings.cse.keypairs.create
Stay organized with collections
Save and categorize content based on your preferences.
Creates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for the authenticated user.
For administrators managing identities and keypairs for users in their organization, requests require authorization with a service account that has domain-wide delegation authority to impersonate users with the https://www.googleapis.com/auth/gmail.settings.basic scope.
For users managing their own identities and keypairs, requests require hardware key encryption turned on and configured.
HTTP request
POST https://gmail.googleapis.com/gmail/v1/users/{userId}/settings/cse/keypairs
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
userId |
string
The requester's primary email address. To indicate the authenticated user, you can use the special value me.
|
Request body
The request body contains an instance of CseKeyPair.
Response body
If successful, the response body contains a newly created instance of CseKeyPair.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/gmail.settings.basic
https://www.googleapis.com/auth/gmail.settings.sharing
For more information, see the Authorization guide.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-06-12 UTC.
[null,null,["Last updated 2025-06-12 UTC."],[],[],null,["# Method: users.settings.cse.keypairs.create\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nCreates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for the authenticated user.\n\nFor administrators managing identities and keypairs for users in their organization, requests require authorization with a [service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount) that has [domain-wide delegation authority](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority) to impersonate users with the `https://www.googleapis.com/auth/gmail.settings.basic` scope.\n\nFor users managing their own identities and keypairs, requests require [hardware key encryption](https://support.google.com/a/answer/14153163) turned on and configured.\n\n### HTTP request\n\n`POST https://gmail.googleapis.com/gmail/v1/users/{userId}/settings/cse/keypairs`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n| Parameters ||\n|----------|-------------------------------------------------------------------------------------------------------------------------|\n| `userId` | `string` The requester's primary email address. To indicate the authenticated user, you can use the special value `me`. |\n\n### Request body\n\nThe request body contains an instance of [CseKeyPair](/workspace/gmail/api/reference/rest/v1/users.settings.cse.keypairs#CseKeyPair).\n\n### Response body\n\nIf successful, the response body contains a newly created instance of [CseKeyPair](/workspace/gmail/api/reference/rest/v1/users.settings.cse.keypairs#CseKeyPair).\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/gmail.settings.basic`\n- `\n https://www.googleapis.com/auth/gmail.settings.sharing`\n\nFor more information, see the [Authorization guide](/workspace/guides/configure-oauth-consent)."]]
