> ## Documentation Index
> Fetch the complete documentation index at: https://developer.eka.care/llms.txt
> Use this file to discover all available pages before exploring further.

# Update public keyset

> API to update the HIU's public keyset.

The client must generate a key pair, store the private key securely on their side, and push the public key and nonce to Eka using this API. This keyset can be updated at any time.

When requesting health data from external HIPs via ABDM, Eka shares this public key and nonce with the HIP. The client can then use their stored private key along with the public key shared by the external HIP to decrypt the health data received on the [Data Push Webhook](/api-reference/user-app/abdm-connect/webhooks/hiu-data-push).

For details on key generation, encryption, and decryption, refer to the [ABDM Encryption and Decryption Guide](https://sandbox.abdm.gov.in/sandbox/v3/new-documentation?doc=EncryptionandDecryptions).




## OpenAPI

````yaml PATCH /abdm/v1/hiu/keyset
openapi: 3.1.0
info:
  description: ABHA Registration and login APIs
  title: Registration
  version: 1.0.0
servers:
  - description: Production
    url: https://api.eka.care
  - description: Stage/Sandbox
    url: https://api.dev.eka.care
security: []
paths:
  /abdm/v1/hiu/keyset:
    patch:
      description: API to update client public keyset
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RecordsUpdateKeysetRequest'
      responses:
        '200':
          description: OK
        4XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
        5XX:
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
      security:
        - authApiKey: []
components:
  schemas:
    RecordsUpdateKeysetRequest:
      properties:
        nonce:
          description: Base64-encoded nonce for encryption key derivation
          type: string
        public_key:
          description: Base64-encoded ECDH public key for encryption
          type: string
      required:
        - public_key
        - nonce
      type: object
    GenericError:
      properties:
        code:
          type: integer
        error:
          type: string
        source_error:
          $ref: '#/components/schemas/SourceErr'
      type: object
    SourceErr:
      properties:
        code:
          type: string
        message:
          type: string
      type: object
  securitySchemes:
    authApiKey:
      description: The API requires a Bearer token (JWT) for authentication.
      scheme: bearer
      type: http

````