Skip to content

Rotation Security Downgrade

URI: https://docs.ankatech.co/errors/rotate-security-downgrade
HTTP Status: 422 Unprocessable Entity

When you see this

The requested rotation target offers a lower security level than the current key. Rotation must not downgrade cryptographic strength.

Common Causes

  • Rotating a higher-strength key (for example ML-KEM-1024) to a lower-strength algorithm.
  • Selecting a classical algorithm as the rotation target for a post-quantum key.
  • Choosing a target whose security level is below the source key's level.

Response Example

{
  "type": "https://docs.ankatech.co/errors/rotate-security-downgrade",
  "title": "Rotation Security Downgrade",
  "status": 422,
  "detail": "Rotation target 'RSA-2048' is a security downgrade from the current key. Choose an equal or stronger algorithm.",
  "instance": "/api/v3/keys/my-mlkem-key/rotate",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. Select a rotation target whose security level is equal to or greater than the current key.
  2. Consult the algorithm-selection guidance in the Developer Hub Reference for equivalent or stronger options.
  3. Re-submit the rotation with the stronger target.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.