Due to regulatory requirements applicable to our EU/UK sellers, for certain APIs, developers need to add digital signatures to the respective HTTP call.
The Key Management API creates keypairs that are required when creating digital signatures for the following APIs:
- All methods in the Finances API
- issueRefund in the Fulfillment API
- GetAccount in the Trading API
- The following methods in the Post-Order API:
Any eBay API that accesses confidential financial information must include a digital signature for every HTTP call made on behalf of a customer that is domiciled in the EU/UK. For complete information about using keypairs to generate these digital signatures, refer to Digital Signatures for APIs.
Technical overview
The Key Management API includes the following methods:
- createSigningKey
- getSigningKey
- getSigningKeys
Ciphers
The Key Management API uses one of two ciphers to generate encrypted keypairs:
Ed25519 (Edwards Curve)
Ed25519 is the recommended cipher because it uses much shorter keys and will decrease the header size. For complete information, refer to RFC 8032.
RSA
For development frameworks that do not support Ed25519, eBay also supports RSA. For complete information, refer to RFC 3447.
createSigningKey
The createSigningKey method generates, and returns, three keypairs using the selected cipher:
- Private Key
- Public Key
- Public Key as JWE
getSigningKey
The getSigningKey method returns the Public Key, Public Key as JWE, and metadata for a specified signingKeyId associated with the application key making the call.
Note: The Private Key value will only be returned in the response payload of a createSigningKey call. In order to guarantee the security of confidential client information, eBay does not store Private Key values on any system. Therefore, it will never be returned for a getSigningKey call. If a developer loses their Private Key they must generate a new keypair set by issuing a createSigningKey call.
getSigningKeys
The getSigningKeys method returns the Public Key, Public Key as JWE, and metadata for all keypairs associated with the application key making the call.
Note: The Private Key value will only be returned in the response payload of a createSigningKey call. In order to guarantee the security of confidential client information, eBay does not store Private Key values on any system. Therefore, it will never be returned for a getSigningKeys call. If a developer loses their Private Key they must generate a new keypair set by issuing a createSigningKey call.
Business use cases
The Key Management API is used to create and retrieve keypairs required to add a digital signature to every HTTP call made on behalf of an EU/UK seller for those APIs listed above.
API restrictions
The Key Management API is not restricted by marketplace or user.