POST
/
v1
/
sign
/
managed
KMS Sign
curl --request POST \
  --url https://api.example.com/v1/sign/managed \
  --header 'Content-Type: application/json' \
  --data '
{
  "key_id": "<string>",
  "message": "<string>",
  "algorithm": "<string>"
}
'

Request

key_id
string
required
KMS key ARN returned from key creation
message
string
required
Message to sign (hex-encoded or UTF-8 text)
algorithm
string
default:"ml-dsa-65"
Signing algorithm

Response

{
  "signature": "624d9e92535886...",
  "algorithm": "ml-dsa-65",
  "key_id": "arn:aws:kms:..."
}
Messages larger than 4KB are automatically hashed with SHA-256 before signing (AWS KMS requirement).