createSigningKey: eBay Key Management API

POST/signing_key

This method creates keypairs using one of the following ciphers:

ED25519 (Edwards Curve)
RSA

Note: The recommended signature cipher is ED25519 (Edwards Curve) since it uses much shorter keys and therefore decreases the header size. However, for development frameworks that do not support ED25519, RSA is also supported.
Following a successful completion, the following keys are returned:

Private Key
Public Key
Public Key as JWE

Once keypairs are created, developers are strongly advised to create and store a local copy of each keypair for future reference. Although the Public Key, Public Key as JWE, and metadata for keypairs may be retrieved by the getSigningKey and getSigningKeys methods, in order to further ensure the security of confidential client information, eBay does not store the Private Key value in any system. If a developer loses their Private Key they must generate new keypairs using the createSigningKey method.
Note: For additional information about using keypairs, refer to Digital Signatures for APIs.

Input

Resource URI

POST https://apiz.ebay.com/developer/key_management/v1/signing_key

This method is supported in Sandbox environment. To access the endpoint, just replace the apiz.ebay.com root URI with apiz.sandbox.ebay.com

URI parameters

This method has no URI parameters.

HTTP request headers

All requests made to eBay REST operations require you to provide the Authorization HTTP header for authentication authorization.

The table below shows additional HTTP request headers that are either required, conditionally required, or strongly recommended for this method. Other standard HTTP request headers- opens rest request components page (not in this table) can also be used, but they are optional.

Header	Type	Description
Content-Type	string	This header indicates the format of the request body provided by the client. Its value should be set to application/json. For more information, refer to HTTP request headers. Occurrence: Required

Header

Type

Description

Content-Type

string

This header indicates the format of the request body provided by the client. Its value should be set to application/json.

For more information, refer to HTTP request headers.

Occurrence: Required

OAuth scope

This request requires an access token created with the client credentials grant flow, using one or more scopes from the following list (please check your Application Keys page for a list of OAuth scopes available to your application):

https://api.ebay.com/oauth/api_scope

See OAuth access tokens for more information.

Request payload

Copy complete valid JSON to clipboard

{ /* CreateSigningKeyRequest */

"signingKeyCipher" : "SigningKeyCipher : [ED25519,RSA]"

}

Request fields

Input container/field	Type	Description
signingKeyCipher	SigningKeyCipher	The enumerated value for the cipher to be used to create the signing key. Refer to SigningKeyCiper for the list of supported enum values. Occurrence: Required

Input container/field

Type

Description

signingKeyCipher

SigningKeyCipher

The enumerated value for the cipher to be used to create the signing key. Refer to SigningKeyCiper for the list of supported enum values.

Occurrence: Required

Output

HTTP response headers

This call has no response headers.

Response payload

Copy complete valid JSON to clipboard

{ /* SigningKey */

"creationTime" : "integer",

"expirationTime" : "integer",

"jwe" : "string",

"privateKey" : "string",

"publicKey" : "string",

"signingKeyCipher" : "SigningKeyCipher : [ED25519,RSA]",

"signingKeyId" : "string"

}

Response fields

Output container/field	Type	Description
creationTime	integer	The UNIX timestamp when the `SigningKey` was created. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the `SigningKey` was created. Occurrence: Always
expirationTime	integer	The UNIX timestamp when the `SigningKey` expires. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the `SigningKey` expires. Note: All keys have an expiration date of three (3) years after their `creationTime`. Occurrence: Always
jwe	string	This is the JSON Web Encrypted (JWE) value for the `publicKey`. Occurrence: Always
privateKey	string	This is the Private Key that has been generated using the specified `signingKeyCipher`. Note: The `privateKey` value will only be returned in the response payload of the `createSigningKey` method. It will never be returned by the `getSigningKey` or `getSigningKeys` methods.Developers are strongly advised to download their `privateKey` value as Privacy Enhance Mail (PEM) format and store it locally for future reference. In order to guarantee the security of confidential client information, eBay does not store `privateKey` values on any system. Note: If a developer loses their `privateKey` they must generate new keypairs set using the `createSigningKey` method. Occurrence: Conditional
publicKey	string	This is the Public Key that has been generated using the specified `signingKeyCipher`. As a matter of good practice, developers are strongly advised to download this value and store it locally for safe-keeping and future reference. Occurrence: Always
signingKeyCipher	SigningKeyCipher	Indicates the cipher used to create the keypairs. Refer to SigningKeyCiper for the list of supported enum values. Occurrence: Always
signingKeyId	string	The system-generated eBay ID for the keypairs. Occurrence: Always

HTTP status codes

This call can return one of the following HTTP status codes. For an overview of the status codes, see HTTP status codes in Using eBay RESTful APIs.

Status	Meaning
200	OK
400	Bad Request
401	Unauthorized
403	Forbidden
500	Internal Server Error

Error codes

For more on errors, plus the codes of other common errors, see Handling errors.

Code	Domain	Category	Meaning
210000	API_KEYS	APPLICATION	There was a problem with an eBay internal system or process. Contact eBay developer support for assistance.
210001	API_KEYS	REQUEST	You must supply a valid signing key cipher. Allowed values are ED25519 and RSA.
210005	API_KEYS	REQUEST	You must request with a token having valid application client id.
210006	API_KEYS	REQUEST	You must request for new signing key with valid request payload.

Warnings

This call has no warnings.

Samples

New to making API calls? Please see Making a Call.

Note: Identifiers, such as order IDs or user IDs, and personal data in these samples might be anonymized or may no longer be active on eBay. If necessary, substitute current, relevant eBay data in your requests.

Sample 1: Create Keypairs Using an Ed25519 Cipher

This sample creates Private Key, Public Key, and Public Key as JWE keypairs using an Ed25519 cipher.

Note: Once keypairs are created, developers are strongly advised to create and store a local copy of each keypair for future reference. Although the Public Key, Public Key as JWE, and metadata for keypairs may be retrieved using the getSigningKey and getSigningKeys methods, in order to further ensure the security of confidential client information, eBay does not store the Private Key value in any system. If a developer loses their Private Key they must generate new keypairs using the createSigningKey method.

Input

This method requires the signingKeyCipher enum value for the cipher to be used to generate the new keypairs. For this example, an Ed25519 cipher is specified.

POSThttps://apiz.ebay.com/developer/key_management/v1/signing_key

Output

A successful call returns the HTTP status code 200 OK.

The response payload includes the Private Key, Public Key, Public Key as JWE, and additional metadata.