Skip to content

Purpose Required

URI: https://docs.ankatech.co/errors/purpose-required
HTTP Status: 422 Unprocessable Entity

When you see this

The key being created or imported supports more than one purpose, so the platform cannot infer a single purpose automatically. You must declare the key's purpose explicitly.

Common Causes

  • Creating a key with an algorithm that is valid for both encryption and signing without specifying purpose.
  • Importing a legacy key whose KeyUsage is permissive enough to map to multiple purposes.
  • Omitting purpose/purposeMappings where the platform cannot derive a single unambiguous purpose.

Response Example

{
  "type": "https://docs.ankatech.co/errors/purpose-required",
  "title": "Purpose Required",
  "status": 422,
  "detail": "Key purpose could not be inferred and must be declared explicitly. Provide a 'purpose' value.",
  "instance": "/api/v3/keys",
  "correlationId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": 1730000000
}

Content-Type: application/problem+json — the response follows RFC 7807 Problem Details.

How to Resolve

  1. Set the purpose field explicitly (for example ENCRYPT_DECRYPT or SIGN_VERIFY).
  2. For multi-alias keystore imports, supply per-alias purposeMappings.
  3. Alternatively, import the key with a restrictive KeyUsage so the purpose can be derived automatically, then re-submit.

For full schema definitions, examples, and interactive testing, see the Developer Hub Reference.