How can I share the secret key of a mobile application with the server when I first create it?

So, now I'm working on a mobile application that will execute requests to the REST API built using Django.

To protect the API, I plan to use a system for checking private/public key pairs.

The workflow I thought out looks something like this:

  • User logs in using Facebook
  • As soon as the user signs in to the application, a private key is created
  • The private key is shared with the server and the application so that the server knows that this private key is associated with a specific user.
  • Each time a mobile application makes a request, the application generates an HMAC / signature using the request parameters and the private key. In addition to the HMAC, the application also sends the user_id of the user who sent it (this will act as a public key).
  • When the server receives the request, it generates its own HMAC. It takes the user_id and looks up the private key in the table. Using the private key, it recreates the HMAC from the request parameters and compares it with the HMAC that was sent by the mobile application. If the server and the mobile phone have matching HMACs, it performs the request.

Now my problem is in step 3, where the private key must somehow be shared with the mobile application and server. How can I securely send the private key?

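The signing and verification steps described in the question, worked through in Python (the API is Django, so the server side would sit in a view or authentication class). This is an added example, not code from the question or its author. It assumes the per-user secret has already been provisioned into both the app and the server table (the distribution step the question asks about is out of scope here), and it goes slightly beyond the scheme as described: a canonical, sorted form of the parameters so both sides sign identical bytes, a timestamp window and a nonce cache so a captured request cannot simply be resent, and a constant-time comparison on the server. The `USER_KEYS` table, header names and the key value are constructed placeholders.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed stand-in for the server's user_id -> secret table.
# In a real deployment this row is written when the key is provisioned at login.
USER_KEYS = {
    "1001": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2),  # 32-byte constructed key
}


def canonical_string(method, path, params, timestamp, nonce):
    """Build the exact byte string both client and server sign.

    Parameters are sorted so the MAC does not depend on the order the
    HTTP library happens to emit them; method, path, timestamp and nonce
    are bound in so they cannot be altered independently of the body."""
    query = urlencode(sorted(params.items()))
    return f"{method.upper()}\n{path}\n{query}\n{timestamp}\n{nonce}".encode()


def sign_request(secret, method, path, params, timestamp=None, nonce=None):
    """Client side: return the auth headers the app attaches to the request."""
    timestamp = str(int(time.time())) if timestamp is None else str(timestamp)
    nonce = secrets.token_hex(16) if nonce is None else nonce
    msg = canonical_string(method, path, params, timestamp, nonce)
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {"X-Timestamp": timestamp, "X-Nonce": nonce, "X-Signature": mac}


class ReplayCache:
    """Remember nonces seen inside the acceptance window so a captured
    request cannot be submitted a second time."""

    def __init__(self, window=300):
        self.window = window
        self.seen = {}  # nonce -> timestamp it was first accepted with

    def check_and_store(self, nonce, ts, now):
        # Drop entries older than the window; anything older is rejected
        # by the timestamp check before it reaches the cache anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return False
        self.seen[nonce] = ts
        return True


def verify_request(user_id, method, path, params, headers, now=None, replay=None, window=300):
    """Server side: look up the user's key, recompute the HMAC over the
    received parameters and compare in constant time. Returns (ok, reason)."""
    secret = USER_KEYS.get(user_id)
    if secret is None:
        return False, "unknown user"
    try:
        ts = int(headers["X-Timestamp"])
        nonce = headers["X-Nonce"]
        sig = headers["X-Signature"]
    except (KeyError, ValueError):
        return False, "missing or malformed auth headers"
    now = int(time.time()) if now is None else now
    if abs(now - ts) > window:
        return False, "timestamp outside window"
    expected = hmac.new(secret, canonical_string(method, path, params, ts, nonce), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading bytes matched via timing.
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if replay is not None and not replay.check_and_store(nonce, ts, now):
        return False, "replayed nonce"
    return True, "ok"


if __name__ == "__main__":
    params = {"amount": "25", "to": "bob"}
    headers = sign_request(USER_KEYS["1001"], "POST", "/api/transfer", params)
    print(verify_request("1001", "POST", "/api/transfer", params, headers))
    print(verify_request("1001", "POST", "/api/transfer", dict(params, amount="250"), headers))
```

Because the signature covers the canonical string rather than the raw query, the server must reconstruct exactly the same string from what it parsed; any framework-level normalisation (trailing slashes, repeated parameters, encoding of the body) has to be pinned down on both sides or signatures will fail for honest clients.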

