Issue keys for relying parties calling POST /api/credentials/verify and POST /api/v1/verification-requests. Register the org first, assign a policy, then issue sandbox or live keys. Real external partners require signed agreement before production keys.