# Pair an API Client with the API Signer

Create a public/private signature key pair for the API client.

To pair an API Client with the [API Signer](/developers/program-overview), create a public/private signature key pair for the API client. Fordefi currently supports ECDSA signatures over the **NIST P-256 curve** (also known as: secp256r1 or prime256v1). You can use an external key management service (such as [AWS KMS](https://docs.aws.amazon.com/kms/index.html)) to generate and store the private key and to sign the transaction requests. Then register the public key directly with the API Signer.

**To create the private key using openSSL**:

1. Open a terminal and issue the following command:
`openssl ecparam -genkey -name prime256v1 -noout -out private.pem`
2. Extract the public key:
`openssl ec -in private.pem -pubout`


**To upload the API client public key**:

1. Open the API Signer and select **Register API user key**.
2. Select the API User from the list and press **Enter**.
3. Paste your public key and press **Enter**.


Example public key
The public key should be copied without spaces or new lines, as follows:
`MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5oTLGdLQBUHO1QUIGMNASIbsFu3RFKZThEAS2A4f3I9m1PjKszzVQDsBKX5SSm0aXlJQ5gNzYTDZTfBPVPtJfw==`