# Sign intents

Every API operation that changes your system in some way requires your signature. You complete these steps as part of intent proposal, approval, or rejection.

For more information, see the following sections:

- [Propose an intent to create an entity](/products/custody/v1.19/api/get-started/key-operations/update/intent-proposal#propose-an-intent-to-create-an-entity).
- [Approve and reject intents](/products/custody/v1.19/api/get-started/key-operations/update/intent-approval).


## Prerequisites

To sign a proposal intent, approval, or rejection request, you need the following:

- The private key you generated during registration. For more information, see [Generate a key pair and share the public key](/products/custody/v1.19/api/get-started/register#generate-a-key-pair-and-share-the-public-key).
- A request body in the pre-signature intent format. For more information, see [Dry run and signature request body](/products/custody/v1.19/api/reference/intent-structure#dry-run-and-signature-request-body).


## Sign an intent

To sign an intent:

1. Convert the request body to canonical JSON format, as follows:
  1. Remove spaces, tabs, and new lines (such as line feeds or carriage returns).
  2. Sort properties alphabetically, root level first, followed by each subsequent level in the hierarchy.
Do not sort arrays of objects.
  1. Remove fields with null values.
2. Hash the request body as a string, in SHA-256.
3. Submit the hashed request body along with your private key to the signing service.
4. Serialize the signature in DER format with base64 encoding.
5. Add the signature to the request body.


For an example of a signed request body, see [Propose an intent request body](/products/custody/v1.19/api/reference/intent-structure#propose-an-intent-request-body).