To do any signing operation through the PDF Signing API, you first need to require an access token. This access token is then used to authenticate yourself.
The client generates its own assertion by signing a JSON web token (JWT) that includes the Client ID. Nexus GO validates the assertion cryptographically with the public key specified in the setup, see Set up PDF Signing API in Nexus GO.
The assertion must be in the format of a signed JWT, including the client ID that was used to set up Nexus GO PDF Signing. See Set up PDF Signing API in Nexus GO.
Use these properties:
|sub||Client ID, get this from the configuration in the Nexus GO portal.|
|kid||Name of the signing key. The matching public key must be available in the JWKS endpoint. See Set up PDF Signing API in Nexus GO.|
|iss||Client issuer, can be any value.|
Issued at: The time at which the assertion was issued.
Expiration time: The time at which the assertion expires.
Here is an example of an assertion:
To get the access token, use the method