I would say, using something that doesn't belong to you as a primary key considered harmful. Create or update is a good pattern for robustness (eg so a troubleshooting user won't brick the app by deleting or renaming the key), if you can guarantee the uniqueness of the primary key. You can't constrain some identifier from a different system.