openapi: 3.0.0
info:
  title: Key Management API
  description: >-
    Due to regulatory requirements applicable to our EU/UK sellers, for certain APIs,
    developers need to add digital signatures to the respective HTTP call. The Key
    Management API creates keypairs that are required when creating digital signatures
    for the following APIs:

    Note: For additional information about keypairs and creating Message Signatures,
    refer to Digital Signatures for APIs.
  contact:
    name: eBay Inc,
  license:
    name: eBay API License Agreement
    url: https://go.developer.ebay.com/api-license-agreement
  version: v1.0.0
servers:
  - url: https://apiz.ebay.com{basePath}
    description: Production
    variables:
      basePath:
        default: /developer/key_management/v1
paths:
  /signing_key:
    get:
      tags:
        - signing_key
      description: >-
        This method returns the Public Key, Public Key as JWE, and metadata for all
        keypairs associated with the application key making the call.

        Note: It is important to note that privateKey values are not returned. In order
        to further ensure the security of confidential client information, eBay does not
        store privateKey values in any system. If a developer loses their privateKey they
        must generate a new set of keypairs using the createSigningKey method.
      operationId: getSigningKeys
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/QuerySigningKeysResponse'
        '400':
          description: Bad Request
          x-response-codes:
            errors:
              '210005':
                domain: API_KEYS
                category: REQUEST
                description: You must request with a token having valid application client id.
        '401':
          description: Unauthorized
        '403':
          description: Forbidden
        '500':
          description: Internal Server Error
          x-response-codes:
            errors:
              '210000':
                domain: API_KEYS
                category: APPLICATION
                description: >-
                  There was a problem with an eBay internal system or process. Contact
                  eBay developer support for assistance.
      security:
        - api_auth:
            - https://api.ebay.com/oauth/api_scope
    post:
      tags:
        - signing_key
      description: >-
        This method creates keypairs using one of the following ciphers:

        Note: The recommended signature cipher is ED25519 (Edwards Curve) since it uses
        much shorter keys and therefore decreases the header size. However, for
        development frameworks that do not support ED25519, RSA is also supported.

        Following a successful completion, the following keys are returned:

        Once keypairs are created, developers are strongly advised to create and store a
        local copy of each keypair for future reference. Although the Public Key, Public
        Key as JWE, and metadata for keypairs may be retrieved by the getSigningKey and
        getSigningKeys methods, in order to further ensure the security of confidential
        client information, eBay does not store the Private Key value in any system. If a
        developer loses their Private Key they must generate new keypairs using the
        createSigningKey method.

        Note: For additional information about using keypairs, refer to Digital
        Signatures for APIs.
      operationId: createSigningKey
      parameters:
        - name: Content-Type
          in: header
          description: >-
            This header indicates the format of the request body provided by the client.
            Its value should be set to application/json.

            For more information, refer to HTTP request headers.
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSigningKeyRequest'
        required: false
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SigningKey'
        '400':
          description: Bad Request
          x-response-codes:
            errors:
              '210001':
                domain: API_KEYS
                category: REQUEST
                description: You must supply a valid signing key cipher. Allowed values are ED25519 and RSA.
              '210005':
                domain: API_KEYS
                category: REQUEST
                description: You must request with a token having valid application client id.
              '210006':
                domain: API_KEYS
                category: REQUEST
                description: You must request for new signing key with valid request payload.
        '401':
          description: Unauthorized
        '403':
          description: Forbidden
        '500':
          description: Internal Server Error
          x-response-codes:
            errors:
              '210000':
                domain: API_KEYS
                category: APPLICATION
                description: >-
                  There was a problem with an eBay internal system or process. Contact
                  eBay developer support for assistance.
      security:
        - api_auth:
            - https://api.ebay.com/oauth/api_scope
  /signing_key/{signing_key_id}:
    get:
      tags:
        - signing_key
      description: >-
        This method returns the Public Key, Public Key as JWE, and metadata for a
        specified signingKeyId associated with the application key making the call.

        Note: It is important to note that the privateKey value is not returned. In order
        to further ensure the security of confidential client information, eBay does not
        store the privateKey value in any system. If a developer loses their privateKey
        they must generate new keypairs using the createSigningKey method.
      operationId: getSigningKey
      parameters:
        - name: signing_key_id
          in: path
          description: The system-generated eBay ID of the keypairs being requested.
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SigningKey'
        '400':
          description: Bad Request
          x-response-codes:
            errors:
              '210005':
                domain: API_KEYS
                category: REQUEST
                description: You must request with a token having valid application client id.
        '401':
          description: Unauthorized
        '403':
          description: Forbidden
        '404':
          description: Not found
          x-response-codes:
            errors:
              '210002':
                domain: API_KEYS
                category: REQUEST
                description: The signing key with id {signingKeyId} was not found.
        '500':
          description: Internal Server Error
          x-response-codes:
            errors:
              '210000':
                domain: API_KEYS
                category: APPLICATION
                description: >-
                  There was a problem with an eBay internal system or process. Contact
                  eBay developer support for assistance.
      security:
        - api_auth:
            - https://api.ebay.com/oauth/api_scope
components:
  schemas:
    CreateSigningKeyRequest:
      type: object
      properties:
        signingKeyCipher:
          type: string
          description: >-
            The enumerated value for the cipher to be used to create the signing key.
            Refer to SigningKeyCipher for the list of supported enum values. For
            implementation help, refer to eBay API documentation
      description: This request creates a new signing key.
    Error:
      type: object
      properties:
        category:
          type: string
          description: Identifies the type of error.
        domain:
          type: string
          description: >-
            Name for the primary system where the error occurred. This is relevant for
            application errors.
        errorId:
          type: integer
          description: A unique number to identify the error.
          format: int32
        inputRefIds:
          type: array
          description: An array of request elements most closely associated to the error.
          items:
            type: string
        longMessage:
          type: string
          description: A more detailed explanation of the error.
        message:
          type: string
          description: >-
            Information on how to correct the problem, in the end user's terms and
            language where applicable.
        outputRefIds:
          type: array
          description: An array of request elements most closely associated to the error.
          items:
            type: string
        parameters:
          type: array
          description: >-
            An array of name/value pairs that describe details of the error condition.
            These are useful when multiple errors are returned.
          items:
            $ref: '#/components/schemas/ErrorParameter'
        subdomain:
          type: string
          description: 'Further helps indicate which subsystem the error is coming from. System subcategories include: Initialization, Serialization, Security, Monitoring, Rate Limiting, etc.'
      description: This type defines the fields that can be returned in an error.
    ErrorParameter:
      type: object
      properties:
        name:
          type: string
          description: The object of the error.
        value:
          type: string
          description: The value of the object.
    QuerySigningKeysResponse:
      type: object
      properties:
        signingKeys:
          type: array
          description: An array of metadata information for keypairs owned by a user.
          items:
            $ref: '#/components/schemas/SigningKey'
      description: This container stores metadata information for all keypairs that are owned by a user.
    SigningKey:
      type: object
      properties:
        creationTime:
          type: integer
          description: >-
            The UNIX timestamp when the SigningKey was created. This time is represented
            as the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC,
            until the date and time the SigningKey was created.
          format: int32
        expirationTime:
          type: integer
          description: >-
            The UNIX timestamp when the SigningKey expires. This time is represented as
            the number of seconds from "1970-01-01T00:00:00Z", as measured in UTC, until
            the date and time the SigningKey expires.

            Note: All keys have an expiration date of three (3) years after their
            creationTime.
          format: int32
        jwe:
          type: string
          description: This is the JSON Web Encrypted (JWE) value for the publicKey.
        privateKey:
          type: string
          description: >-
            This is the Private Key that has been generated using the specified
            signingKeyCipher.

            Note: The privateKey value will only be returned in the response payload of
            the createSigningKey method.

            It will never be returned by the getSigningKey or getSigningKeys methods.

            Developers are strongly advised to download their privateKey value as Privacy
            Enhanced Mail (PEM) format and store it locally for future reference. In order
            to guarantee the security of confidential client information, eBay does not
            store privateKey values on any system.

            Note: If a developer loses their privateKey they must generate a new set of
            keypairs using the createSigningKey method.
        publicKey:
          type: string
          description: >-
            This is the Public Key that has been generated using the specified
            signingKeyCipher.

            As a matter of good practice, developers are strongly advised to download
            this value and store it locally for safe-keeping and future reference.
        signingKeyCipher:
          type: string
          description: >-
            Indicates the cipher used to create the keypairs. Refer to SigningKeyCipher
            for the list of supported enum values. For implementation help, refer to eBay
            API documentation
        signingKeyId:
          type: string
          description: The system-generated eBay ID for the keypairs.
      description: This container stores metadata for a signing key.
  securitySchemes:
    api_auth:
      type: oauth2
      description: The security definitions for this API. Please check individual operations for applicable scopes.
      flows:
        clientCredentials:
          tokenUrl: https://api.ebay.com/identity/v1/oauth2/token
          scopes:
            https://api.ebay.com/oauth/api_scope: View public data from eBay