# Add a new client public key Upload a client public key for request payload signing or response payload encryption. {% admonition type="warning" %} This endpoint requires a client credentials token, not a user level access token. Make sure you use your client details to fetch a valid client credentials token before performing this call. {% /admonition %} Endpoint: POST /v1/auth/jose/request/public-keys Security: ClientCredentialsToken ## Request fields (application/json): - `keyId` (string) Unique public key identifier in UUID format. - `validFrom` (string) The key is valid from this date. Format: yyyy-MM-dd HH:mm:ss (UTC). - `validTill` (string) The key is valid until this date. Format: yyyy-MM-dd HH:mm:ss (UTC). - `scope` (string) Scope of the payload operation. Enum: "PAYLOAD_SIGNING", "PAYLOAD_ENCRYPTION" - `publicKeyMaterial` (object) - `publicKeyMaterial.algorithm` (string) Algorithm to be used for: - Signature verification (Scope: PAYLOAD_SIGNING): ES256, ES384, ES512, PS256, PS384, PS512 - Payload encryption (Scope: PAYLOAD_ENCRYPTION): RSA_OAEP_256 Enum: "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "RSA_OAEP_256" - `publicKeyMaterial.keyMaterial` (string) Public key material in DER (Distinguished Encoding Rules) format and base64 encoded. ## Response 201 fields (application/json): - `clientId` (string,null) This field is currently not in use and will always return null. - `keyId` (string) Unique public key identifier in UUID format. - `scope` (string) Scope of the payload operation. Enum: "PAYLOAD_SIGNING", "PAYLOAD_ENCRYPTION" - `validFrom` (string) The key is valid from this date. Format: yyyy-MM-dd HH:mm:ss (UTC). - `validTill` (string) The key is valid until this date. Format: yyyy-MM-dd HH:mm:ss (UTC). - `publicKeyMaterial` (object) - `publicKeyMaterial.algorithm` (string) Algorithm to be used for request signature verification or for response payload encryption. - `publicKeyMaterial.keyMaterial` (string) Public key material in DER (Distinguished Encoding Rules) format and base64 encoded. - `deactivationTimestamp` (string,null) This field is currently not in use and will always return null.