POST /api/{serviceId}/hsk/create
TypeScript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.hardwareSecurityKeys.create({
    serviceId: "<id>",
    hskCreateRequest: {},
  });

  console.log(result);
}

run();
{
  "resultCode": "<string>",
  "resultMessage": "<string>",
  "action": "SUCCESS",
  "hsk": {
    "kty": "<string>",
    "use": "<string>",
    "kid": "<string>",
    "hsmName": "<string>",
    "handle": "<string>",
    "publicKey": "<string>",
    "alg": "<string>"
  }
}

Authorizations

Authorization
string
header
required

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId
string
required

A service ID.

Body

kty
string

The key type (EC or RSA).

use
string

The use of the key on the HSM. When the key use is "sig" (signature), the private key on the HSM is used to sign data and the corresponding public key is used to verify the signature. When the key use is "enc" (encryption), the private key on the HSM is used to decrypt data that has been encrypted with the corresponding public key.

kid
string

Key ID for the key on the HSM.

hsmName
string

The name of the HSM. The identifier for the HSM that sits behind the Authlete server. For example, "google".

alg
string

The algorithm of the key on the HSM. When the key use is "sig", the algorithm represents a signing algorithm such as "ES256". When the key use is "enc", the algorithm represents an encryption algorithm such as "RSA-OAEP-256".

It is rare that HSMs support all the algorithms listed in RFC 7518 JSON Web Algorithms (JWA). When the specified algorithm is not supported by the HSM, the request to the /hsk/create API fails.

Response

HSK created successfully

resultCode
string

The code which represents the result of the API call.

resultMessage
string

A short message which explains the result of the API call.

action
enum<string>

Result of the API call.

Available options: SUCCESS, INVALID_REQUEST, NOT_FOUND, SERVER_ERROR

hsk
object

Holds information about a key managed in an HSM (Hardware Security Module).
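
The body fields and `action` values described above can be checked on the client before and after the call. The following TypeScript is an added example, not part of the Authlete documentation or SDK; the function names, the `baseUrl` parameter and the JSON content type are assumptions, and the algorithm table lists RFC 7518 names rather than what any given HSM supports.

```typescript
// Added example, not Authlete code. ALGS lists the RFC 7518 asymmetric
// algorithm names by key type and use; an HSM usually supports fewer.
type HskBody = { kty: string; use: string; kid: string; hsmName: string; alg: string };
type HskResponse = {
  resultCode: string; resultMessage: string; action: string;
  hsk?: { kid: string; handle: string; publicKey: string; alg: string };
};

const ALGS: Record<string, Record<string, string[]>> = {
  EC: { sig: ["ES256", "ES384", "ES512"],
        enc: ["ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"] },
  RSA: { sig: ["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"],
         enc: ["RSA1_5", "RSA-OAEP", "RSA-OAEP-256"] },
};

// Pre-flight check for kty/use/alg mismatches. The server and the HSM
// behind it remain the authority on what is actually supported.
function checkHskBody(b: HskBody): string[] {
  const errors: string[] = [];
  const ktyOk = b.kty === "EC" || b.kty === "RSA";
  const useOk = b.use === "sig" || b.use === "enc";
  if (!ktyOk) errors.push(`kty must be EC or RSA, got "${b.kty}"`);
  if (!useOk) errors.push(`use must be sig or enc, got "${b.use}"`);
  if (ktyOk && useOk && ALGS[b.kty][b.use].indexOf(b.alg) === -1) {
    errors.push(`alg "${b.alg}" does not fit kty=${b.kty}, use=${b.use}`);
  }
  return errors;
}

// Builds the request without sending it. baseUrl is supplied by the caller
// (placeholder in this example); a JSON body is assumed.
function buildHskCreateRequest(baseUrl: string, serviceId: string, token: string, body: HskBody) {
  const errors = checkHskBody(body);
  if (errors.length > 0) throw new Error(errors.join("; "));
  return {
    url: `${baseUrl}/api/${encodeURIComponent(serviceId)}/hsk/create`,
    method: "POST",
    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
    body: JSON.stringify(body),
  };
}

// Only action SUCCESS together with an hsk object counts as a created key.
function readHskResponse(r: HskResponse) {
  if (r.action !== "SUCCESS" || !r.hsk) {
    throw new Error(`hsk/create failed: ${r.action} (${r.resultCode}) ${r.resultMessage}`);
  }
  return r.hsk;
}
```

The error thrown by `readHskResponse` carries only the result fields, so the bearer token never reaches logs through it.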