> ## Documentation Index
> Fetch the complete documentation index at: https://docs.methodfi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create MLE Public Key

export const ParamList = ({items = [], is_child = false}) => {
  return items.map(item => {
    const field_props = {
      id: Math.random().toString(),
      body: item.name,
      name: item.name,
      type: item.type,
      required: item.required
    };
    const enums = item.enums || [];
    const items = item.items || [];
    const has_items = items?.length > 0;
    const has_enums = enums?.length > 0;
    const should_default_open = item.defaultOpen || false;
    const render_child_item = () => {
      const child_props = {
        title: has_enums ? "Possible enum values" : "properties"
      };
      if (should_default_open) child_props.defaultOpen = true;
      const has_inline_enums = has_enums && enums.every(enum_item => typeof enum_item === 'string') && enums.map((enum_item, idx) => {
        const is_last = idx === enums.length - 1;
        const is_2nd_to_last = idx === enums.length - 2;
        return <>
            <code>{enum_item}</code>
            {is_last && ''}
            {is_2nd_to_last && ' or '}
            {!is_last && !is_2nd_to_last && ', '}
          </>;
      });
      const enum_list = has_enums && !has_inline_enums && <Accordion {...child_props}>
          {enums.map((enum_item, index) => <div key={`enum-${index}`}>
              <code>{enum_item.name}</code>
              <br />
              <p>{enum_item.description}</p>
            </div>)}
        </Accordion>;
      const item_list = has_items && <Expandable {...child_props}>
          <ParamList items={items || []} is_child />
        </Expandable>;
      return <>
          <p>
            {item.description}
            {has_inline_enums && [has_inline_enums.length > 1 ? ' One of ' : ' Must be ', ...has_inline_enums]}
          </p>

          {enum_list}
          {item_list}
        </>;
    };
    return is_child ? <ResponseField {...field_props}>{render_child_item()}</ResponseField> : <ParamField {...field_props}>{render_child_item()}</ParamField>;
  });
};

Creates a new public key registration for Message Level Encryption. You can register your key using either direct registration (providing the JWK directly) or well-known endpoint registration (providing a URL where Method can fetch your JWKS).

<Note>
  Each key ID (`kid`) can only be registered once. Choose either direct or well-known registration for each unique key.
</Note>

## Body

<ParamList
  items={[
{
  name: "type",
  type: "string",
  required: true,
  description: "The type of key registration.",
  enums: ["direct", "well_known"],
},
{
  name: "contact",
  type: "string",
  required: true,
  description: "Contact email for the key registration.",
},
{
  name: "jwk",
  type: "object | null",
  required: false,
  description: "The JSON Web Key object. Required for direct registration, null for well-known.",
  items: [
    {
      name: "jwk.kid",
      type: "string",
      required: false,
      description: "Key ID. Method will assign one if not provided.",
    },
    {
      name: "jwk.kty",
      type: "string",
      required: true,
      description: "Key type. Must be 'RSA'.",
    },
    {
      name: "jwk.alg",
      type: "string",
      required: false,
      description: "Algorithm. If provided, must be 'RSA-OAEP-256'.",
    },
    {
      name: "jwk.use",
      type: "string",
      required: false,
      description: "Key use. If provided, must be 'enc'.",
    },
    {
      name: "jwk.n",
      type: "string",
      required: true,
      description: "RSA modulus parameter.",
    },
    {
      name: "jwk.e",
      type: "string",
      required: true,
      description: "RSA exponent parameter.",
    },
  ],
},
{
  name: "well_known_endpoint",
  type: "string | null",
  required: false,
  description: "URL to your JWKS endpoint. Required for well-known registration, null for direct.",
},
]}
/>

## Well-Known Endpoint Requirements

If using `type: "well_known"`, your endpoint must return a JWKS that meets these requirements:

1. Must have a top-level field named `keys` that has a list as its value.
2. For a JWK (an item in list of `keys`) to be valid the following must be met:
   1. JWK must be an object
   2. JWK must have a field named `kty` and it must be equal to `RSA`
   3. JWK must have a field `n` and it must be a string that is valid `n` for a JWK in accordance to the RFC
   4. JWK must have a field `e` and it must be a string that is valid `e` for a JWK in accordance to the RFC
   5. JWK can optionally have a field named `alg` but if it is provided the value must be `RSA-OAEP-256`
   6. JWK must have a field `kid` and it must be a string that is a valid `id` which will be passed as `cid` when making requests to Method

## Returns

Returns the created public key registration object with an assigned ID and active status.

<RequestExample>
  ```bash cURL theme={null}
  curl https://production.methodfi.com/teams/mle/public_keys \
    -X POST \
    -H "Method-Version: 2026-03-30" \
    -H "Authorization: Bearer sk_WyZEWVfTcH7GqmPzUPk65Vjc" \
    -H "Content-Type: application/json" \
    -d '{
      "type": "direct",
      "contact": "security@yourcompany.com",
      "jwk": {
        "kid": "your-unique-key-id",
        "kty": "RSA",
        "alg": "RSA-OAEP-256",
        "use": "enc",
        "n": "s3C9N7Vz...J7c",
        "e": "AQAB"
      },
      "well_known_endpoint": null
    }'
  ```

  ```javascript Node.js theme={null}
  const key = await method.teams.mle.publicKeys.create({
    type: 'direct',
    contact: 'security@yourcompany.com',
    jwk: {
      kid: 'your-unique-key-id',
      kty: 'RSA',
      alg: 'RSA-OAEP-256',
      use: 'enc',
      n: 's3C9N7Vz...J7c',
      e: 'AQAB'
    },
    well_known_endpoint: null
  });
  ```

  ```python Python theme={null}
  key = method.teams.mle.public_keys.create({
    'type': 'direct',
    'contact': 'security@yourcompany.com',
    'jwk': {
      'kid': 'your-unique-key-id',
      'kty': 'RSA',
      'alg': 'RSA-OAEP-256',
      'use': 'enc',
      'n': 's3C9N7Vz...J7c',
      'e': 'AQAB'
    },
    'well_known_endpoint': None
  })
  ```
</RequestExample>

<ResponseExample>
  ```json Response theme={null}
  {
    "success": true,
    "data": {
      "id": "team_jwk_12345", 
      "type": "direct",
      "jwk": {
        "kid": "your-unique-key-id", 
        "kty": "RSA",
        "alg": "RSA-OAEP-256",
        "use": "enc",
        "n": "s3C9N7Vz...J7c",
        "e": "AQAB"
      },
      "well_known_endpoint": null,
      "status": "active",
      "contact": "security@yourcompany.com",
      "created_at": "2024-01-15T10:30:00Z",
      "updated_at": "2024-01-15T10:30:00Z"
    },
    "message": null
  }
  ```
</ResponseExample>