Skip to main content
POST
/
v1
/
{workspace}
/
ws_signing_key
Create Workspace Signing Key
curl -X POST "https://management-api.suprsend.com/v1/{workspace}/ws_signing_key/" \
  --header 'Authorization: ServiceToken <SERVICE_TOKEN>' \
  --header 'Content-Type: application/json'
{
  "id": "ws_signk_exampleId01",
  "uid": "signing_key_exampleUid01",
  "status": "active",
  "allowed_domains": null,
  "expiry_at": null,
  "private_key_pem": "-----BEGIN PRIVATE KEY-----\n...redacted...\n-----END PRIVATE KEY-----\n",
  "private_key_base64": "LS0tLS1CRUdJTi...redacted...",
  "created_at": "2026-04-21T12:35:24.117631Z",
  "created_by": {
    "name": "System User",
    "email": "org_XXXXXXXXXXXXXXXXXXXXXX@systemuser.suprsend.com"
  },
  "rolled_at": null,
  "rolled_by": null,
  "deleted_at": null,
  "deleted_by": null
}

Documentation Index

Fetch the complete documentation index at: https://docs.suprsend.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

ServiceToken <token>
string
header
required

You can get Service Token from SuprSend dashboard -> Account Settings -> Service Tokens section.

Path Parameters

workspace
string
required

Workspace slug (e.g. staging, production).

Response

Signing key created. Private key material is returned once in this response.

Signing key used to verify signed payloads.

id
string
Example:

"ws_signk_exampleId01"

uid
string

Signing key uid used in path parameters for roll/delete.

Example:

"signing_key_exampleUid01"

status
enum<string>

Status of the signing key.

Available options:
active,
rolled
allowed_domains
string[] | null
expiry_at
string<date-time> | null
created_at
string<date-time>
created_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

rolled_at
string<date-time> | null
rolled_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

deleted_at
string<date-time> | null
deleted_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

private_key_pem
string

PEM-encoded private key. Returned only at creation and on roll — store it securely and never commit to source control.

Example:

"-----BEGIN PRIVATE KEY-----\n...redacted...\n-----END PRIVATE KEY-----\n"

private_key_base64
string

Base64-encoded private key. Returned only at creation and on roll.

Example:

"LS0tLS1CRUdJTi...redacted..."