Hi Mat,
If you want to change or update a resource such as a petition, you'll need to submit a 'request signature' as an additional parameter rsig, generated using a resource authorization key. The idea here is that to do things beyond retrieving information, you should be authorized to do so (and the owner of the resource has the ability to change your access). rsigs are also always generated using an API user's secret token so we know it was actually the original API user who submitted the request.
For the
POST /petitions/:petition_id/signatures request, the
rsig parameter requires a petition authorization key.
More information here (under Request Signature) on how to build a proper
rsig for adding signatures to a petition.
So, the "Authorization Keys on Petitions" request is for requesting a key on a specific petition. By default, you will be granted a key so you can immediately start adding new signatures to a petition.
Hopefully that sheds some light onto this. Let me know if you still have questions.
Eric