Key Management API Overview | eBay Developers Program

Due to regulatory requirements applicable to our EU/UK sellers, for certain APIs, developers need to add digital signatures to the respective HTTP call.

The Key Management API creates keypairs that are required when creating digital signatures for the following APIs:

All methods in the Finances API
issueRefund in the Fulfillment API
GetAccount in the Trading API
The following methods in the Post-Order API:

Any eBay API that accesses confidential financial information must include a digital signature for every HTTP call made on behalf of a customer that is domiciled in the EU/UK. For complete information about using keypairs to generate these digital signatures refer to Digital Signatures for APIs.

Technical overview

The Key Management API includes the following methods:

createSigningKey
getSigningKey
getSigningKeys

Ciphers

The Key Management API uses one of two ciphers to generate encrypted keypairs:

Ed25519 (Edwards Curve)
Ed25519 is the recommended cipher because it uses much shorter keys and will decrease the header size. For complete information, refer to RFC 8032.
RSA
For development frameworks that do not support Ed25519, eBay also supports RSA. For complete information, refer to RFC 3447.

`createSigningKey`

The createSigningKey method generates, and returns, three keypairs using the selected cipher:

Private Key
Public Key
Public Key as JWE

`getSigningKey`

The getSigningKey method returns the Public Key, Public Key as JWE, and metadata for a specified signingKeyId associated with the application key making the call.

Note: The Private Key value will only be returned in the response payload of a createSigningKey call. In order to guarantee the security of confidential client information, eBay does not store Private Key values on any system. Therefore, it will never be returned for a getSigningKey call. If a developer loses their Private Key they must generate a new keypair set by issuing a createSigningKey call.

`getSigningKeys`

The getSigningKeys method returns the Public Key, Public Key as JWE and metadata for all keypairs associated with the application key making the call.

Note: The Private Key value will only be returned in the response payload of a createSigningKey call. In order to guarantee the security of confidential client information, eBay does not store Private Key values on any system. Therefore, it will never be returned for a getSigningKeys call. If a developer loses their Private Key they must generate a new keypair set by issuing a createSigningKey call.

Business use cases

The Key Management API is used to create and retrieve keypairs required to add a digital signature to every HTTP call made on behalf of an EU/UK seller for those APIs listed above.

API restrictions

The Key Management API is not restricted by marketplace or user.