Get a delegated signing key
Retrieve a delegated signing key by its system-generated id.
Authorizations
API token authentication using format <api token id>:<api client secret>
Path Parameters
The id of the delegated key to retrieve (the id field of the DelegatedKey returned from POST /auth/delegated-keys or GET /auth/delegated-keys).
Response
Successful operation
A delegated signing key for a card backed by an Embedded Wallet internal account. Returned from POST /auth/delegated-keys (on activation), GET /auth/delegated-keys (list), and GET /auth/delegated-keys/{id}. The keypair is generated and custodied by Grid; the private key is never returned. While ACTIVE, Grid may use the key to authorize Spark token-transaction signing for the card's Embedded Wallet funding account in place of a session keypair. publicKey is informational metadata identifying the credential.
Grid-issued DelegatedKey:<uuid> identifier.
"DelegatedKey:019542f5-b3e7-1d02-0000-000000000021"
The card this key is delegated for.
"Card:019542f5-b3e7-1d02-0000-000000000010"
The Embedded Wallet internal account this key is delegated for, derived from the card's funding sources.
"InternalAccount:019542f5-b3e7-1d02-0000-000000000002"
Compressed P-256 public key (hex) of the delegated API keypair.
"02a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60718293a4b5c6d7e8f90"
Human-readable label for the delegated key.
"Settlement service key"
Status of a delegated signing key.
PENDING: The delegated user exists but the policy-creation leg never completed. The key cannot sign.ACTIVE: The policy is granted and the key may stamp quote executions.REVOKED: The delegated user has been deleted and the key can no longer sign.
PENDING, ACTIVE, REVOKED "ACTIVE"
When the delegated key was created.
"2026-04-08T15:30:01Z"
When the delegated key was last updated.
"2026-04-08T15:30:42Z"