Batch sign with one or more private keys.

  • Published on Jul 22, 2025
  • 1 minute(s) read
Prev Next
Post
/crypto/v1/keys/batch/sign

The order of batch items in the response matches that of the request. An individual status code is returned for each batch item.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Body parameters
Array of object
object
key

Uniquely identifies a persisted or transient sobject.

OneOf
SobjectDescriptorVariantKid
object (SobjectDescriptorVariantKid)
kid
string (uuid) Required
SobjectDescriptorVariantName
object (SobjectDescriptorVariantName)
name
string Required
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
SobjectDescriptorVariantTransientKey
object (SobjectDescriptorVariantTransientKey)
transient_key
string (byte) Required
SobjectDescriptorVariantInline
object (SobjectDescriptorVariantInline)
inline
object Required
value
string (byte) Required
obj_type
string Required

Type of security object.

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]
hash_alg
string

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
hash
string (byte)

Hashed data to be signed. Either hash or data should be specified; it is an error to specify both or none. Hash should be base64 encoded.

data
string (byte)

Data to be signed. Either hash or data should be specified; it is an error to specify both or none. Data should be base64 encoded.

mode

Signature mechanism

OneOf
object
OneOf
RsaSignaturePaddingVariantPss
object (RsaSignaturePaddingVariantPss)
PSS
object Required
mgf

Specifies the Mask Generating Function (MGF) to use.

OneOf
MgfVariantMgf1
object (MgfVariantMgf1)
mgf1
object Required
hash
string Required

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
RsaSignaturePaddingVariantPkcs1V15
object (RsaSignaturePaddingVariantPkcs1V15)
PKCS1_V15
object Required
deterministic_signature
boolean | null

Whether signatures should be deterministic. Defaults to false. If specified, the value must be compatible with the key's settings.

context
string (byte)

The context parameter to be provided to the sign algorithm.

Currently only ML-DSA keys accept a context parameter; this parameter must not be specified for any other key types.

Responses
2XX

Success result

Expand All
Array
OneOf
BatchSignResponseItemSuccess
object (BatchSignResponseItemSuccess)
status
integer
body
object
kid
string (uuid) | null

The ID of the key used for signing. Returned for non-transient keys

signature
string (byte)

Signed data

BatchSignResponseItemError
object (BatchSignResponseItemError)
status
integer
error
string