> For the complete documentation index, see [llms.txt](https://developer.usemultiplier.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.usemultiplier.com/api-reference/authentication/jwks.md).

# JWKS

JSON Web Key Set endpoints for token verification

## Get JWKS public keys

> Returns the JSON Web Key Set (JWKS) containing all public keys used to verify JWTs\
> issued by the Strategic Partner service (e.g. webhook signatures).\
> \
> This endpoint follows the standard JWKS format defined in RFC 7517.\
> \
> \*\*Security:\*\*\
> \- This is an UNAUTHENTICATED public endpoint (standard for JWKS discovery)\
> \- Only public keys are exposed; private keys are never returned<br>

```json
{"openapi":"3.0.1","info":{"title":"Multiplier Public REST API","version":"1.0.0"},"tags":[{"name":"JWKS Controller","description":"JSON Web Key Set endpoints for token verification"}],"servers":[{"url":"https://api.usemultiplier.com","description":"Production API / Partner Sandbox"},{"url":"https://release-api-gateway.api.usemultiplier.com","description":"MPL internal release environment"},{"url":"https://api-gateway.api.acc.staging.usemultiplier.com","description":"MPL internal staging"}],"security":[],"paths":{"/v1/partner/.well-known/jwks.json":{"get":{"tags":["JWKS Controller"],"summary":"Get JWKS public keys","description":"Returns the JSON Web Key Set (JWKS) containing all public keys used to verify JWTs\nissued by the Strategic Partner service (e.g. webhook signatures).\n\nThis endpoint follows the standard JWKS format defined in RFC 7517.\n\n**Security:**\n- This is an UNAUTHENTICATED public endpoint (standard for JWKS discovery)\n- Only public keys are exposed; private keys are never returned\n","operationId":"getJwks","responses":{"200":{"description":"JWKS retrieved successfully","content":{"application/json":{"schema":{"required":["keys"],"type":"object","properties":{"keys":{"type":"object","description":"Array of JSON Web Keys","items":{"required":["alg","crv","kid","kty","x","y"],"type":"object","properties":{"kty":{"type":"object","description":"Key type — always \"EC\" for elliptic curve keys"},"crv":{"type":"object","description":"Elliptic curve name"},"kid":{"type":"object","description":"Key ID used to identify this key"},"x":{"type":"object","description":"Base64url-encoded x coordinate of the EC public key"},"y":{"type":"object","description":"Base64url-encoded y coordinate of the EC public key"},"alg":{"type":"object","description":"Algorithm associated with the key"}},"description":"An EC JSON Web Key (RFC 7517 / RFC 7518)"}}},"description":"JSON Web Key Set (RFC 7517)"}}}},"500":{"description":"Internal Server Error - Unexpected server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/StrategicPartner_ErrorResponse"}}}}}}}},"components":{"schemas":{"StrategicPartner_ErrorResponse":{"required":["code","correlationId","message","path","timestamp"],"type":"object","properties":{"timestamp":{"type":"string","description":"ISO-8601 UTC timestamp of when the error occurred","format":"date-time"},"code":{"type":"string","description":"HTTP status code category:\n- BAD_REQUEST: 400 - request validation or input error\n- UNAUTHORIZED: 401 - authentication failure\n- FORBIDDEN: 403 - authorization failure\n- NOT_FOUND: 404 - resource not found\n- CONFLICT: 409 - resource conflict\n- INTERNAL_SERVER_ERROR: 500 - unexpected server error\n- SERVICE_UNAVAILABLE: 503 - service unavailable\n"},"message":{"type":"string","description":"Human-readable summary of the error"},"path":{"type":"string","description":"The request path that caused the error"},"correlationId":{"type":"string","description":"Correlation ID for tracing this error across systems"},"errors":{"type":"array","description":"Field-level error details. Present only for validation errors (VALIDATION_ERROR); omitted or null for all other error types.","items":{"$ref":"#/components/schemas/StrategicPartner_ErrorItem"}},"error":{"required":["code","message","type"],"type":"object","properties":{"type":{"type":"object","description":"Error category for client-side handling:\n- ValidationError: Request validation failed\n- NotFoundError: Resource doesn't exist\n- ConflictError: Resource already exists or state conflict\n- AuthenticationError: Invalid credentials\n- AuthorizationError: Insufficient permissions\n- ServerError: Unexpected server error\n","enum":["ValidationError","NotFoundError","ConflictError","AuthenticationError","AuthorizationError","ServerError"]},"code":{"type":"object","description":"Common codes:\n- VALIDATION_FAILED: Request validation failed\n- RESOURCE_NOT_FOUND: Resource doesn't exist\n- RESOURCE_ALREADY_EXISTS: Duplicate resource\n- RESOURCE_CONFLICT: State conflict\n- AUTHENTICATION_FAILED: Invalid credentials\n- AUTHORIZATION_FAILED: Insufficient permissions\n- INTERNAL_ERROR: Server error\n","enum":["VALIDATION_FAILED","RESOURCE_NOT_FOUND","RESOURCE_ALREADY_EXISTS","RESOURCE_CONFLICT","AUTHENTICATION_FAILED","AUTHORIZATION_FAILED","INTERNAL_ERROR"]},"message":{"type":"object","description":"Human-readable error message"},"details":{"type":"object","description":"Field-level validation errors (only present for validation_error type)","items":{"$ref":"#/components/schemas/StrategicPartner_FieldError"}}},"description":"Deprecated: use top-level fields (timestamp, code, message, path, correlationId, errors) instead. This field will be removed in a future version.","deprecated":true}},"description":"Standard error response for all API errors"},"StrategicPartner_ErrorItem":{"required":["message"],"type":"object","properties":{"property":{"type":"string","description":"Property path that caused the error, using dot notation"},"message":{"type":"string","description":"Human-readable error message"}},"description":"Individual error item"},"StrategicPartner_FieldError":{"required":["field","message"],"type":"object","properties":{"field":{"type":"string","description":"Field path using dot notation for nested fields"},"message":{"type":"string","description":"Human-readable error message for this field"}},"description":"Field-level validation error"}}}}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://developer.usemultiplier.com/api-reference/authentication/jwks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
