Skip to main content
POST
/
v1
/
{workspace}
/
ws_signing_key
/
Create Workspace Signing Key
curl -X POST "https://management-api.suprsend.com/v1/{workspace}/ws_signing_key/" \
  --header 'Authorization: ServiceToken <SERVICE_TOKEN>' \
  --header 'Content-Type: application/json'
{
  "id": "ws_signk_exampleId01",
  "uid": "signing_key_exampleUid01",
  "status": "active",
  "allowed_domains": null,
  "expiry_at": null,
  "private_key_pem": "-----BEGIN PRIVATE KEY-----\n...redacted...\n-----END PRIVATE KEY-----\n",
  "private_key_base64": "LS0tLS1CRUdJTi...redacted...",
  "created_at": "2026-04-21T12:35:24.117631Z",
  "created_by": {
    "name": "System User",
    "email": "org_XXXXXXXXXXXXXXXXXXXXXX@systemuser.suprsend.com"
  },
  "rolled_at": null,
  "rolled_by": null,
  "deleted_at": null,
  "deleted_by": null
}

Authorizations

ServiceToken <token>
string
header
required

You can get Service Token from SuprSend dashboard -> Account Settings -> Service Tokens section.

Path Parameters

workspace
string
required

Workspace slug (e.g. staging, production).

Response

Signing key created. Private key material is returned once in this response.

Signing key used to verify signed payloads.

id
string

Unique identifier of the signing key.

Example:

"ws_signk_exampleId01"

uid
string

Signing key uid used in path parameters for roll/delete.

Example:

"signing_key_exampleUid01"

status
enum<string>

Status of the signing key.

Available options:
active,
rolled
allowed_domains
string[] | null

Domains allowed to use this signing key.

expiry_at
string<date-time> | null

Timestamp when the signing key expires.

created_at
string<date-time>

Timestamp when the signing key was created.

created_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

rolled_at
string<date-time> | null

Timestamp when the signing key was rolled.

rolled_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

deleted_at
string<date-time> | null

Timestamp when the signing key was deleted.

deleted_by
object

Identity that performed an action (created, updated, rolled, deleted, rotated).

private_key_pem
string

PEM-encoded private key. Returned only at creation and on roll - store it securely and never commit to source control.

Example:

"-----BEGIN PRIVATE KEY-----\n...redacted...\n-----END PRIVATE KEY-----\n"

private_key_base64
string

Base64-encoded private key. Returned only at creation and on roll.

Example:

"LS0tLS1CRUdJTi...redacted..."