I think it would be interesting to update the documentation, informing that the publicKeyId field needs to be obtained through the query-password-info endpoint.
I had some difficulties regarding the use of this endpoint, mainly in the creation of the encryption.
Using python I was only able to do this using PKCS#1 v1.5 padding for encryption. And I only discovered this by asking for help on stackoverflow, because in most RSA examples, we only found the PKCS1_OAEP option for public key, which was the one I used first but it doesn’t work.