To set up the API, follow these steps:
Log in to Nexus GO.
Click Services > Signing.
Select the signing service for which you want to set up the API. Click Set up API.
Enter a JWKS URL, see below for more information. Click Next. If it is not possible to expose a public endpoint, then check Use custom keys and enter the public key in the input field.
Click Next and Submit to confirm.
JSON Web Key Set (JWKS)
The signed assertion for authentication is validated with a public key. By using PKI, the signing key can be changed at any time without having to go to the admin portal and reconfigure it.
The web application shall expose the public key in a JSON Web Key Set (JWKS) on a URL and specify it in the configuration. For more information, see Authenticate to the PDF Signing API.
Example: JWKS
Here is an example of a response from a JWKS URL. The same value of kid
shall be sent in the assertion to the API.
Example: JWKS
CODE
{
"keys": [{
"kid": "ClientKeyRsa/53b562fc488e41e086a80aec9f352927",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "prZ2lHMsgnqdQs6LS2JNA71XsL0TOxodkCFnKJ_ta_Zktbe_aNAU2PUaj0kGI-7GOikhXJ94k-sXZA8RTw-aj8q83xU-ogL1AcPdmFK0AEBa7Uod_qacEtHniQ_Z7jtHcBv9J3h0NThSKliN6zZIVnBDaJL9KtS36v2hvag8pL96K8mbfZbgxNowxnjp6iMObqrNwV5Et6j6BYu5wnMtFoK-fWEwz2BNLah_H83E0UBxsQOjw-1B7doNQEXGKwDva-ZL20BsnGsApxEbHxmAQkUc2pPYn8-nLdkouypqX6FGZ6b25n8vi2DbYaavBaf0UeJdKxBheL-fWu3GJqNmNQ"
}]
}
In case it is not possible to expose a public endpoint, the public key can also be explicitly stated. In this case, the single key shall be stated in JWK format:
Example: Single JWK
Here is an example of a single JWK. The same value of kid
shall be sent in the assertion to the API.
Example: Single JWK
CODE
{
"kid": "ClientKeyRsa/53b562fc488e41e086a80aec9f352927",
"kty": "RSA",
"alg": "RS256",
"e": "AQAB",
"n": "prZ2lHMsgnqdQs6LS2JNA71XsL0TOxodkCFnKJ_ta_Zktbe_aNAU2PUaj0kGI-7GOikhXJ94k-sXZA8RTw-aj8q83xU-ogL1AcPdmFK0AEBa7Uod_qacEtHniQ_Z7jtHcBv9J3h0NThSKliN6zZIVnBDaJL9KtS36v2hvag8pL96K8mbfZbgxNowxnjp6iMObqrNwV5Et6j6BYu5wnMtFoK-fWEwz2BNLah_H83E0UBxsQOjw-1B7doNQEXGKwDva-ZL20BsnGsApxEbHxmAQkUc2pPYn8-nLdkouypqX6FGZ6b25n8vi2DbYaavBaf0UeJdKxBheL-fWu3GJqNmNQ"
}