Skip to main content

POST/signing_key

This method creates keypairs using one of the following ciphers:

  • ED25519 (Edwards Curve)
  • RSA
Note: The recommended signature cipher is ED25519 (Edwards Curve) since it uses much shorter keys and therefore decreases the header size. However, for development frameworks that do not support ED25519, RSA is also supported.
Following a successful completion, the following keys are returned:
  • Private Key
  • Public Key
  • Public Key as JWE
Once keypairs are created, developers are strongly advised to create and store a local copy of each keypair for future reference. Although the Public Key, Public Key as JWE, and metadata for keypairs may be retrieved by the getSigningKey and getSigningKeys methods, in order to further ensure the security of confidential client information, eBay does not store the Private Key value in any system. If a developer loses their Private Key they must generate new keypairs using the createSigningKey method.
Note: For additional information about using keypairs, refer to Digital Signatures for APIs.

Input

Resource URI

POST https://apiz.ebay.com/developer/key_management/v1/signing_key

This method is supported in Sandbox environment. To access the endpoint, just replace the apiz.ebay.com root URI with apiz.sandbox.ebay.com

URI parameters

This method has no URI parameters.

HTTP request headers

All requests made to eBay REST operations require you to provide the Authorization HTTP header for authentication authorization.

The table below shows additional HTTP request headers that are either required, conditionally required, or strongly recommended for this method. Other standard HTTP request headers- opens rest request components page (not in this table) can also be used, but they are optional.

HeaderTypeDescription
Content-TypestringThis header indicates the format of the request body provided by the client. Its value should be set to application/json.

For more information, refer to HTTP request headers.

Occurrence: Required

OAuth scope

This request requires an access token created with the client credentials grant flow, using one or more scopes from the following list (please check your Application Keys page for a list of OAuth scopes available to your application):

https://api.ebay.com/oauth/api_scope

See OAuth access tokens for more information.

Request payload

Copy complete valid JSON to clipboard

Request fields

Input container/fieldTypeDescription
signingKeyCipherSigningKeyCipher

The enumerated value for the cipher to be used to create the signing key. Refer to SigningKeyCiper for the list of supported enum values.

Occurrence: Required

Output

HTTP response headers

This call has no response headers.

Response payload

Response fields

Output container/fieldTypeDescription
creationTimeinteger

The UNIX timestamp when the SigningKey was created. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the SigningKey was created.

Occurrence: Always

expirationTimeinteger

The UNIX timestamp when the SigningKey expires. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the SigningKey expires.
Note: All keys have an expiration date of three (3) years after their creationTime.

Occurrence: Always

jwestring

This is the JSON Web Encrypted (JWE) value for the publicKey.

Occurrence: Always

privateKeystring

This is the Private Key that has been generated using the specified signingKeyCipher.
Note: The privateKey value will only be returned in the response payload of the createSigningKey method.

It will never be returned by the getSigningKey or getSigningKeys methods.
Developers are strongly advised to download their privateKey value as Privacy Enhance Mail (PEM) format and store it locally for future reference. In order to guarantee the security of confidential client information, eBay does not store privateKey values on any system.
Note: If a developer loses their privateKey they must generate new keypairs set using the createSigningKey method.

Occurrence: Conditional

publicKeystring

This is the Public Key that has been generated using the specified signingKeyCipher.

As a matter of good practice, developers are strongly advised to download this value and store it locally for safe-keeping and future reference.

Occurrence: Always

signingKeyCipherSigningKeyCipher

Indicates the cipher used to create the keypairs. Refer to SigningKeyCiper for the list of supported enum values.

Occurrence: Always

signingKeyIdstring

The system-generated eBay ID for the keypairs.

Occurrence: Always

HTTP status codes

This call can return one of the following HTTP status codes. For an overview of the status codes, see HTTP status codes in Using eBay RESTful APIs.

StatusMeaning
200OK
400Bad Request
401Unauthorized
403Forbidden
500Internal Server Error

Error codes

For more on errors, plus the codes of other common errors, see Handling errors.

CodeDomainCategoryMeaning
210000API_KEYSAPPLICATIONThere was a problem with an eBay internal system or process. Contact eBay developer support for assistance.
210001API_KEYSREQUESTYou must supply a valid signing key cipher. Allowed values are ED25519 and RSA.
210005API_KEYSREQUESTYou must request with a token having valid application client id.
210006API_KEYSREQUESTYou must request for new signing key with valid request payload.

Warnings

This call has no warnings.

Samples

New to making API calls? Please see Making a Call.

Note: Identifiers, such as order IDs or user IDs, and personal data in these samples might be anonymized or may no longer be active on eBay. If necessary, substitute current, relevant eBay data in your requests.

Sample 1: Create Keypairs Using an Ed25519 Cipher

This sample creates Private Key, Public Key, and Public Key as JWE keypairs using an Ed25519 cipher.

Note: Once keypairs are created, developers are strongly advised to create and store a local copy of each keypair for future reference. Although the Public Key, Public Key as JWE, and metadata for keypairs may be retrieved using the getSigningKey and getSigningKeys methods, in order to further ensure the security of confidential client information, eBay does not store the Private Key value in any system. If a developer loses their Private Key they must generate new keypairs using the createSigningKey method.

Input

This method requires the signingKeyCipher enum value for the cipher to be used to generate the new keypairs. For this example, an Ed25519 cipher is specified.

POSThttps://apiz.ebay.com/developer/key_management/v1/signing_key

Output

A successful call returns the HTTP status code 200 OK.

The response payload includes the Private Key, Public Key, Public Key as JWE, and additional metadata.

Got thoughts? Click the feedback button – your insights help us improve!