How to get AppKey using Microsoft Graph API

I'm creating new application using

POST https://graph.microsoft.com/beta/applications

I can get the AppId back, but can't find a way to get the AppKey. I would like to access that app later using application credentials.

Update: That what I send as password credential during the application creation:

  newAppObj.passwordCredentials = new List<AOBJ.AzurePasswordCredential>(){
            new AOBJ.AzurePasswordCredential()
            {
                customKeyIdentifier = "T1rEXhNmUUmVqimnBPkirw==",
                keyId = Guid.NewGuid().ToString(),
                value = "WgjbF8vG3GM1XRGpc43fvtiO7ScpTGwh0jd6CjIRd40dCX3kP8LMlCdcrrEPBRidI4CXW1OCnSQJQxOzX+oIUw==",
                startDate ="2016-06-01T13:59:30Z",// DateTimeOffset.UtcNow,
                endDate = "2017-06-02T13:59:30Z"//DateTimeOffset.UtcNow.AddYears(2)
            }
        };

When I then generate authorization token using the secret key that I set before as value, I get this response back, when trying to use is to call MicrosoftGraph API:

    {
  "error": {
    "code": "Authorization_IdentityNotFound",
    "message": "The identity of the calling application could not be established.",
    "innerError": {
      "request-id": "42d3f97d-5ccb-4680-a6c2-dceb160d19c7",
      "date": "2016-06-02T21:03:31"
    }
  }
}

When I create the secret key manually via Azure portal, the api call works fine.

Update 2:

So, turned out that the POST to create application didn't create the underlying ServicePrincipal object. I had to create it after the application was created.

 var servicePrincipal = O365OutlookClient.GetServicePrincipalForApp(InOnBoardingToken, createdAppObj.appId);
               if (servicePrincipal== null || servicePrincipal.appId==null)
               {
                   var servicePrincipalObj = new AOBJ.AzureServicePrincipal();
                   servicePrincipalObj.appId = createdAppObj.appId;
                   servicePrincipalObj.displayName = createdAppObj.displayName;
                   servicePrincipalObj.accountEnabled = true;
                   var servicePrincipalJson = O365OutlookClient.PostServicePrincipalSync(InOnBoardingToken, servicePrincipalObj);
               }

Application password credentials need to be generated and set by you (either when you create the application, or later as a PATCH to the application). You can do this by generating a strong random value, creating a passwordCredential and adding it to the passwordCredentials collection:

{
  /* ... */
  "passwordCredentials": [
    {
      "customKeyIdentifier": "T1rEXhNmUUmVqimnBPkirw==",
      "endDate": "2016-06-02T13:59:30Z",
      "keyId": "e4003ae7-15be-487a-92d7-5d75aafdb4dc",
      "startDate": "2016-06-02T13:59:30Z",
      "value": "WgjbF8vG3GM1XRGpc43fvtiO7ScpTGwh0jd6CjIRd40dCX3kP8LMlCdcrrEPBRidI4CXW1OCnSQJQxOzX+oIUw=="
    }
  ]
  /* ... */
}

customKeyIdentifier is a base64-encoded byte array (can be whatever you want), keyId is a newly-generated Guid, and startDate and endDate are the dates in which the password credential are valid. The actual secret key is stored in value.