---
title: Key Management API
description: "Use the Key Management API to create and retrieve keypairs that are required when adding digital signatures to selected eBay API calls. The signing\\_key resource lets developers create new signing keypairs, retrieve a specific signing keypair by ID, and retrieve metadata for all signing keypairs associated with the application key making the call. The Key Management API is used for APIs that access confidential financial information and require a digital signature for HTTP calls made on behalf of EU/UK sellers."
api_version: 1.0
api_name: key_management_api
api_type: REST
api_group: sell/key_management_api
source_url:
  html: https://developer.ebay.com/develop/api/sell/key_management_api
  md: https://developer.ebay.com/develop/api/sell/key_management_api.md
---

# Key Management API API

Use the Key Management API to create and retrieve keypairs that are required when adding digital signatures to selected eBay API calls.

The signing\_key resource lets developers create new signing keypairs, retrieve a specific signing keypair by ID, and retrieve metadata for all signing keypairs associated with the application key making the call.

The Key Management API is used for APIs that access confidential financial information and require a digital signature for HTTP calls made on behalf of EU/UK sellers.

## API Methods

The following API methods are available:

### getSigningKeys

#### GET /signing_key
**Description:** This method returns the **Public Key**, **Public Key as JWE**, and metadata for all keypairs associated with the application key making the call.  
  
**Note:** It is important to note that `privateKey` values are **not** returned. In order to further ensure the security of confidential client information, eBay does **not** store `privateKey` values in any system. If a developer loses their `privateKey` they must generate new keypair set using the `createSigningKey` method.

### createSigningKey

#### POST /signing_key
**Description:** This method creates keypairs using one of the following ciphers:

*   ED25519 (Edwards Curve)
*   RSA

**Note:** The recommended signature cipher is **ED25519** (Edwards Curve) since it uses much shorter keys and therefore decreases the header size. However, for development frameworks that do not support ED25519, RSA is also supported.  
Following a successful completion, the following keys are returned:

*   Private Key
*   Public Key
*   Public Key as JWE

Once keypairs are created, developers are **strongly advised** to create and store a local copy of each keypair for future reference. Although the **Public Key**, **Public Key as JWE**, and metadata for keypairs may be retrieved by the `getSigningKey` and `getSigningKeys` methods, in order to further ensure the security of confidential client information, eBay does not store the **Private Key** value in any system. If a developer loses their **Private Key** they must generate new keypairs using the `createSigningKey` method.  
**Note:** For additional information about using keypairs, refer to [Digital Signatures for APIs](/develop/guides/digital-signatures-for-apis).
**Parameters:**
- **Content-Type** (string) *required*
  - This header indicates the format of the request body provided by the client. Its value should be set to **application/json**.  
  
For more information, refer to [HTTP request headers](/develop/guides-v2/using-ebay-restful-apis#request-components).

### getSigningKey

#### GET /signing_key/{signing_key_id}
**Description:** This method returns the **Public Key**, **Public Key as JWE**, and metadata for a specified `signingKeyId` associated with the application key making the call.  
  
**Note:** It is important to note that the `privateKey` value is **not** returned. In order to further ensure the security of confidential client information, eBay does **not** store the `privateKey` value in any system. If a developer loses their `privateKey` they must generate new keypairs using the `createSigningKey` method.
**Parameters:**
- **signing_key_id** (string) *required*
  - The system-generated eBay ID of the keypairs being requested.

## Error Codes

The following error codes may be returned by this API:

### REQUEST Errors

#### 210005 - API_KEYS
**Description:** You must request with a token having valid application client id.

#### 1001 - OAUTH
**Description:** Invalid access token. Check the value of the Authorization HTTP request header.

#### 1100 - OAUTH
**Description:** Insufficient permissions to fulfill the request.

#### 210001 - API_KEYS
**Description:** You must supply a valid signing key cipher. Allowed values are ED25519 and RSA.

#### 210006 - API_KEYS
**Description:** You must request for new signing key with valid request payload.

#### 210002 - API_KEYS
**Description:** The signing key with id {signingKeyId} was not found.

### APPLICATION Errors

#### 210000 - API_KEYS
**Description:** There was a problem with an eBay internal system or process. Contact eBay developer support for assistance.

#### 210003 - API_KEYS
**Description:** Unable to query signing keys of app.

#### 210004 - API_KEYS
**Description:** Unable to create signing keys for app.

## Rate Limits

See [API Call Limits](https://developer.ebay.com/develop/get-started/api-call-limits) on the eBay Developer Program.

## Resources

### Documentation

- [eBay Developer Program](https://developer.ebay.com/)
- [API Documentation](https://developer.ebay.com/develop/api/)
- [SDKs and Widgets](https://developer.ebay.com/develop/sdks-and-widgets)
- [Developer Community Forum](https://community.ebay.com/t5/Developer-Groups/ct-p/developergroup)

### Tools

- [API Explorer](https://developer.ebay.com/my/api_test_tool)
- [GraphQL Explorer](https://developer.ebay.com/my/graphql_explorer)

### Support

- [Developer Support](https://developer.ebay.com/support/)
- [API Status](https://developer.ebay.com/support/api-status)
- [Release Notes](https://developer.ebay.com/develop/api/release_notes/)

---
*Generated on 2026-07-08T04:36:22.112Z*