getSigningKeys: eBay Key Management API

GET/signing_key

This method returns the Public Key, Public Key as JWE, and metadata for all keypairs associated with the application key making the call.

Note: It is important to note that privateKey values are not returned. In order to further ensure the security of confidential client information, eBay does not store privateKey values in any system. If a developer loses their privateKey they must generate new keypairs set using the createSigningKey method.

Input

Resource URI

GET https://apiz.ebay.com/developer/key_management/v1/signing_key

This method is supported in Sandbox environment. To access the endpoint, just replace the apiz.ebay.com root URI with apiz.sandbox.ebay.com

URI parameters

This method has no URI parameters.

HTTP request headers

All requests made to eBay REST operations require you to provide the Authorization HTTP header for authentication authorization.

All other standard RESTful request headers are optional. For more information on standard RESTful request headers, see the HTTP request headers- opens rest request components page table.

OAuth scope

This request requires an access token created with the client credentials grant flow, using one or more scopes from the following list (please check your Application Keys page for a list of OAuth scopes available to your application):

https://api.ebay.com/oauth/api_scope

See OAuth access tokens for more information.

Request payload

This call has no payload.

Request fields

This call has no field definitions.

Output

HTTP response headers

This call has no response headers.

Response payload

Copy complete valid JSON to clipboard

{ /* QuerySigningKeysResponse */

"signingKeys" : [

{ /* SigningKey */

"creationTime" : "integer",

"expirationTime" : "integer",

"jwe" : "string",

"privateKey" : "string",

"publicKey" : "string",

"signingKeyCipher" : "SigningKeyCipher : [ED25519,RSA]",

"signingKeyId" : "string"

}

]

}

Response fields

Output container/field	Type	Description
signingKeys	array of SigningKey	An array of metadata information for keypairs owned by a user. Occurrence: Conditional
signingKeys.creationTime	integer	The UNIX timestamp when the `SigningKey` was created. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the `SigningKey` was created. Occurrence: Always
signingKeys.expirationTime	integer	The UNIX timestamp when the `SigningKey` expires. This time is represented as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until the date and time the `SigningKey` expires. Note: All keys have an expiration date of three (3) years after their `creationTime`. Occurrence: Always
signingKeys.jwe	string	This is the JSON Web Encrypted (JWE) value for the `publicKey`. Occurrence: Always
signingKeys.privateKey	string	This is the Private Key that has been generated using the specified `signingKeyCipher`. Note: The `privateKey` value will only be returned in the response payload of the `createSigningKey` method. It will never be returned by the `getSigningKey` or `getSigningKeys` methods.Developers are strongly advised to download their `privateKey` value as Privacy Enhance Mail (PEM) format and store it locally for future reference. In order to guarantee the security of confidential client information, eBay does not store `privateKey` values on any system. Note: If a developer loses their `privateKey` they must generate new keypairs set using the `createSigningKey` method. Occurrence: Conditional
signingKeys.publicKey	string	This is the Public Key that has been generated using the specified `signingKeyCipher`. As a matter of good practice, developers are strongly advised to download this value and store it locally for safe-keeping and future reference. Occurrence: Always
signingKeys.signingKeyCipher	SigningKeyCipher	Indicates the cipher used to create the keypairs. Refer to SigningKeyCiper for the list of supported enum values. Occurrence: Always
signingKeys.signingKeyId	string	The system-generated eBay ID for the keypairs. Occurrence: Always

HTTP status codes

This call can return one of the following HTTP status codes. For an overview of the status codes, see HTTP status codes in Using eBay RESTful APIs.

Status	Meaning
200	OK
401	Unauthorized
403	Forbidden
500	Internal Server Error

Error codes

For more on errors, plus the codes of other common errors, see Handling errors.

Code	Domain	Category	Meaning
210000	API_KEYS	APPLICATION	There was a problem with an eBay internal system or process. Contact eBay developer support for assistance.
210005	API_KEYS	REQUEST	You must request with a token having valid application client id.

Warnings

This call has no warnings.

Samples

New to making API calls? Please see Making a Call.

Note: Identifiers, such as order IDs or user IDs, and personal data in these samples might be anonymized or may no longer be active on eBay. If necessary, substitute current, relevant eBay data in your requests.

Sample 1: Return all keypairs

This sample returns the Public Key, Public Key as JWE, and metadata for all keypairs associated with the application key making the call.

Note: It is important to note that Private Key values are not returned. In order to further ensure the security of confidential client information, eBay does not store any Private Key value in any system. If a developer loses their Private Key they must generate new keypairs using the createSigningKey method.

Input

There is no request payload for this method.

GEThttps://apiz.ebay.com/developer/key_management/v1/signing_key

Output

A successful call returns the HTTP status code 200 OK.

The response payload includes the the Public Key, Public Key as JWE, and metadata for all keypairs associated with the application key making the call.

{
	"signingKeys": [
		{
			"signingKeyId": "2*******-****-****-****-***********7",
			"signingKeyCipher": "RSA",
			"publicKey": "M******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************B",
			"jwe": "e***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************g",
			"creationTime": 1661139537203,
			"expirationTime": 1755747537203
		},
		{
			"signingKeyId": "A*******-****-****-****-***********1",
			"signingKeyCipher": "ED25519",
			"publicKey": "x**********************************************************=",
			"jwe": "e**************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************Q",
			"creationTime": 1661139539613,
			"expirationTime": 1755747539613
		}
	]
}