--- a/app/controllers/keys_controller.rb
+++ b/app/controllers/keys_controller.rb
@@ -3,25 +3,47 @@ class KeysController < ApplicationController
   
   def index
     @ssh_keys = current_user.ssh_keys
+    respond_to do |format|
+      format.html
+      format.xml { render :xml => @ssh_keys }
+    end
   end
   
   def new
     @ssh_key = current_user.ssh_keys.new
   end
-  
+  # respond_to do |format|
+  #   if @event.save
+  #     flash[:notice] = 'Event was successfully created.'
+  #     format.html { redirect_to(@event) }
+  #     format.xml  { render :xml => @event, :status => :created, :location => @event }
+  #   else
+  #     format.html { render :action => "new" }
+  #     format.xml  { render :xml => @event.errors, :status => :unprocessable_entity }
+  #   end
   def create
     @ssh_key = current_user.ssh_keys.new
     @ssh_key.key = params[:ssh_key][:key]
-    if @ssh_key.save
-      flash[:notice] = "Key added"
-      redirect_to account_path
-    else
-      render :action => "new"
+    
+    respond_to do |format|
+      if @ssh_key.save
+        flash[:notice] = "Key added"
+        format.html { redirect_to account_path }
+        format.xml  { render :xml => @ssh_key, :status => :created, :location => account_key_path(@ssh_key) }
+      else
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @ssh_key.errors, :status => :unprocessable_entity }
+      end
     end
   end
   
   def show
     @ssh_key = current_user.ssh_keys.find(params[:id])
+    
+    respond_to do |format|
+      format.html
+      format.xml { render :xml => @ssh_key }
+    end
   end
 
   # can't update keys since yet we'd have to to search/replace through 

--- a/spec/controllers/keys_controller_spec.rb
+++ b/spec/controllers/keys_controller_spec.rb
@@ -28,6 +28,34 @@ describe KeysController, "index" do
   end
 end
 
+describe KeysController, "index.xml" do
+  
+  before(:each) do
+    authorize_as :johan
+  end
+  
+  def do_get
+    @request.env["HTTP_ACCEPT"] = "application/xml"
+    get :index
+  end
+  
+  it "requires login" do
+    authorize_as(nil)
+    do_get
+    response.code.to_i.should == 401
+  end
+  
+  it "GET account/keys is successful" do
+    do_get
+    response.should be_success
+  end
+  
+  it "scopes to the current_users keys" do
+    do_get
+    response.body.should == users(:johan).ssh_keys.to_xml
+  end
+end
+
 describe KeysController, "new" do
   
   before(:each) do
@@ -55,23 +83,26 @@ describe KeysController, "new" do
   end
 end
 
-describe KeysController, "create" do
-  
-  before(:each) do
-    login_as :johan
-  end
-  
-  def valid_key
+module KeyStubs
+    def valid_key
     <<-EOS
 ssh-rsa bXljYWtkZHlpemltd21vY2NqdGJnaHN2bXFjdG9zbXplaGlpZnZ0a3VyZWFz
 c2dkanB4aXNxamxieGVib3l6Z3hmb2ZxZW15Y2FrZGR5aXppbXdtb2NjanRi
 Z2hzdm1xY3Rvc216ZWhpaWZ2dGt1cmVhc3NnZGpweGlzcWpsYnhlYm95emd4
 Zm9mcWU= foo@example.com
 EOS
-  end
+    end
+
+    def invalid_key
+      "ooger booger wooger@burger"
+    end
+end
+
+describe KeysController, "create" do
+  include KeyStubs
   
-  def invalid_key
-    "ooger booger wooger@burger"
+  before(:each) do
+    login_as :johan
   end
   
   def do_post(opts={})
@@ -94,3 +125,32 @@ EOS
     response.should be_redirect
   end
 end
+
+describe KeysController, "create.xml" do
+  include KeyStubs
+  
+  before(:each) do
+    authorize_as :johan
+  end
+  
+  def do_post(opts={})
+    @request.env["HTTP_ACCEPT"] = "application/xml"
+    post :create, :ssh_key => {:key => valid_key}.merge(opts)
+  end
+  
+  it "should require login" do
+    authorize_as(nil)
+    do_post
+    response.code.to_i.should == 401
+  end
+  
+  it "scopes to the current_user" do
+    do_post
+    assigns[:ssh_key].user_id.should == users(:johan).id
+  end
+  
+  it "POST account/keys/create is successful" do
+    do_post
+    response.code.to_i.should == 201
+  end
+end