# Key Pair API > Generate cryptographic key pairs on demand — RSA (2048/3072/4096), elliptic-curve (P-256, P-384, P-521, secp256k1), Ed25519 and Ed448 — returned as PEM (SPKI public key, PKCS#8 private key) and, optionally, as JWK. Perfect for spinning up JWT/JWS signing keys, TLS and SSH experiments, test fixtures and demos. Pure local generation with Node's crypto (no third-party service). Note: for development, testing and education — generate keys for production systems offline or in an HSM, never trust a remote API with real private keys. Live, nothing stored. 3 endpoints. Distinct from JWT signing, password generation and hashing. ## Authentication All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys. ```bash curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/keypair-api/..." ``` ## Pricing - **Free** (Free) — 1,160 calls/Mo, 2 req/s - **Starter** ($3/Mo) — 11,000 calls/Mo, 8 req/s - **Pro** ($23/Mo) — 148,000 calls/Mo, 20 req/s - **Mega** ($59/Mo) — 760,000 calls/Mo, 50 req/s ## Endpoints ### Keys #### `GET /v1/generate` — Generate a key pair **Parameters:** - `type` (query, optional, string) — rsa|ec|ed25519|ed448 (default rsa) Example: `ed25519` - `bits` (query, optional, string) — RSA: 2048|3072|4096 - `curve` (query, optional, string) — EC: P-256|P-384|P-521|secp256k1 - `jwk` (query, optional, string) — true to also return JWK **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/keypair-api/v1/generate?type=ed25519" ``` **Response:** ```json { "data": { "note": "For development/testing. Generate production keys offline or in an HSM — never via a remote API.", "type": "ed25519", "public_key": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAqp+5pvuwGBmSgWwIPhOOImhGIC03gVQr3hgNacLuF90=\n-----END PUBLIC KEY-----\n", "private_key": "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIK2/UdmkywlDwlsVt+za2Dq5FtfUL9dgQlpVZqFvo/zi\n-----END PRIVATE KEY-----\n" }, "meta": { "timestamp": "2026-06-02T16:51:52.255Z", "request_id": "dbef8251-d427-4d1b-918d-fd5c6d1ca3a9" }, "status": "ok", "message": "Generate a key pair", "success": true } ``` ### Reference #### `GET /v1/types` — Supported key types **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/keypair-api/v1/types" ``` **Response:** ```json { "data": { "types": [ "rsa", "ec", "ed25519", "ed448" ], "rsa_bits": [ 2048, 3072, 4096 ], "ec_curves": [ "P-256", "P-384", "P-521", "secp256k1" ] }, "meta": { "timestamp": "2026-06-02T16:51:52.363Z", "request_id": "36c96d28-4d23-4fb4-a540-0b53ef5db269" }, "status": "ok", "message": "Supported key types", "success": true } ``` ### Meta #### `GET /v1/meta` — Spec **Example:** ```bash curl -H "x-oanor-key: $KEY" \ "https://api.oanor.com/keypair-api/v1/meta" ``` **Response:** ```json { "data": { "auth": "none upstream; this gateway requires x-api-key", "name": "Key Pair API", "note": "Generate cryptographic key pairs. /v1/generate?type=rsa&bits=2048 (or type=ec&curve=P-256, type=ed25519, type=ed448); add jwk=true for JWK output alongside PEM (SPKI public / PKCS8 private). /v1/types lists options. For development, testing, JWT/JWS signing keys and TLS/SSH experiments — generate production keys offline. Instant, nothing stored.", "source": "Local key generation (Node crypto) — no key, no upstream", "endpoints": 3 }, "meta": { "timestamp": "2026-06-02T16:51:52.467Z", "request_id": "38b848eb-b804-4231-a79e-ac6cb73a689d" }, "status": "ok", "message": "Meta", "success": true } ``` --- Marketplace page: https://www.oanor.com/api/keypair-api OpenAPI spec: https://www.oanor.com/api/keypair-api/openapi.json