To set up the API, follow these steps:
Enter a JWKS URL, see below for more information. Click Next.
If it is not possible to expose a public endpoint, then check Use custom keys and enter the public key in the input field.
The signed assertion for authentication is validated with a public key. By using PKI, the signing key can be changed at any time without having to go to the admin portal and reconfigure it.
The web application shall expose the public key in a JSON Web Key Set (JWKS) on a URL and specify it in the configuration. For more information, see Authenticate to the PDF Signing API.
Here is an example of a response from a JWKS URL. The same value of
In case it is not possible to expose a public endpoint, the public key can also be explicitly stated. In this case, the single key shall be stated in JWK format:
Here is an example of a single JWK. The same value of