Read JWKS

GET {{authPath}}/{{envID}}/as/jwks

The GET /{{envID}}/as/jwks endpoint returns the JSON Web Key Set (JWKS) document as defined by RFC 7517. This document contains the public keys, along with metadata, that can be used to validate JWT signatures. The set aggregates the keys of every Key Rotation Policy (KRP) in the environment.

The following parameters are shown for each key:

  • kty

This is the key type, which identifies the cryptographic algorithm family used with the key. The only option is RSA.

  • e

This is the RSA public exponent parameter, which is used in the RSA Key blinding operation.

  • kid

This is the key ID parameter, which is used to match a corresponding kid key value in the JWT token to validate the requestor and grant access to the specified API endpoint.

  • use

This is the public key use parameter, which identifies the intended use of the public key. Options are sig (signature) and enc (encryption).

  • n

This is the RSA modulus parameter, which is used in the RSA Key blinding operation.

  • x5t

This is an X.509 certificate SHA-1 thumbprint parameter, which is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.

  • x5c

This is an X.509 certificate chain parameter, which is a chain of one or more PKIX certificates.

RESPONSES

status: OK

{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","x5t":"Za6ddv8nZnWoqvY6z61fiP8QwEo","kid":"default","x5c":["MIIDLDCCAhSgAwIBAgIGAWW17v5GMA0GCSqG..."],"n":"jgQ8twHSmSlT28I7iTi4-IsA3jgfhGPx0pIC27LTDf0..."}]}