Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To set up the API, follow these steps:

  1. Log in to Nexus GO
  2. Click Services > Signing.
  3. Select the signing service for which you want to set up the API. Click Set up API.
  4. Enter a JWKS URL, see below for more information. Click Next.

    Note

    If it is not possible to expose a public endpoint, then check Use custom keys and enter the public key in the input field. 


  5. Click Next and Submit to confirm.

JSON Web Key Set (JWKS)

The signed assertion for authentication is validated with a public key. By using PKI, the signing key can be changed at any time without having to go to the admin portal and reconfigure it. 

The web application shall expose the public key in a JSON Web Key Set (JWKS) on a URL and specify it in the configuration. For more information, see copy - Authenticate to the PDF Signing API

Expandall

Expand
titleExample: JWKS

Here is an example of a response from a JWKS URL. The same value of kid shall be sent in the assertion to the API. 

Code Block
titleExample: JWKS
{
"keys": [{
   "kid": "ClientKeyRsa/53b562fc488e41e086a80aec9f352927",       
   "kty": "RSA",
   "alg": "RS256",
   "e": "AQAB",
   "n": "prZ2lHMsgnqdQs6LS2JNA71XsL0TOxodkCFnKJ_ta_Zktbe_aNAU2PUaj0kGI-7GOikhXJ94k-sXZA8RTw-aj8q83xU-ogL1AcPdmFK0AEBa7Uod_qacEtHniQ_Z7jtHcBv9J3h0NThSKliN6zZIVnBDaJL9KtS36v2hvag8pL96K8mbfZbgxNowxnjp6iMObqrNwV5Et6j6BYu5wnMtFoK-fWEwz2BNLah_H83E0UBxsQOjw-1B7doNQEXGKwDva-ZL20BsnGsApxEbHxmAQkUc2pPYn8-nLdkouypqX6FGZ6b25n8vi2DbYaavBaf0UeJdKxBheL-fWu3GJqNmNQ"
}]
}



In case it is not possible to expose a public endpoint, the public key can also be explicitly stated. In this case, the single key shall be stated in JWK format:

Expand
titleExample: Single JWK

Here is an example of a single JWK. The same value of kid shall be sent in the assertion to the API. 

Code Block
titleExample: Single JWK
{
   "kid": "ClientKeyRsa/53b562fc488e41e086a80aec9f352927",       
   "kty": "RSA",
   "alg": "RS256",
   "e": "AQAB",
   "n": "prZ2lHMsgnqdQs6LS2JNA71XsL0TOxodkCFnKJ_ta_Zktbe_aNAU2PUaj0kGI-7GOikhXJ94k-sXZA8RTw-aj8q83xU-ogL1AcPdmFK0AEBa7Uod_qacEtHniQ_Z7jtHcBv9J3h0NThSKliN6zZIVnBDaJL9KtS36v2hvag8pL96K8mbfZbgxNowxnjp6iMObqrNwV5Et6j6BYu5wnMtFoK-fWEwz2BNLah_H83E0UBxsQOjw-1B7doNQEXGKwDva-ZL20BsnGsApxEbHxmAQkUc2pPYn8-nLdkouypqX6FGZ6b25n8vi2DbYaavBaf0UeJdKxBheL-fWu3GJqNmNQ"
}



Related information

Links