Documentation Index
Fetch the complete documentation index at: https://docs.apinizer.com/llms.txt
Use this file to discover all available pages before exploring further.
Endpoint
POST /apiops/projects/{projectName}/jwks/
Authentication
Requires a Personal API Access Token.
Authorization: Bearer YOUR_TOKEN
Request
| Header | Value | Required |
|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|
| projectName | string | Yes | Project name |
Request Body
The request body varies based on the sourceType. All source types require:
{
"name": "my-jwk",
"description": "JWK for API authentication",
"sourceType": "URL"
}
Source Type: URL
{
"name": "my-jwk",
"description": "JWK from URL",
"sourceType": "URL",
"url": "https://example.com/.well-known/jwks.json",
"urlOptionConnectTimeout": 5000,
"urlOptionReadTimeout": 10000,
"urlOptionSizeLimit": 1048576,
"kid": "key-id-1"
}
kid to specify which key to use from the array.
Source Type: COPY_PASTE
{
"name": "my-jwk",
"description": "JWK from JSON string",
"sourceType": "COPY_PASTE",
"jwkStr": "{\"kty\":\"RSA\",\"n\":\"...\",\"e\":\"AQAB\"}",
"kid": "key-id-1"
}
jwkStr contains a JWK Set (array of keys), use kid to specify which key to use from the array.
Source Type: CERTIFICATE
{
"name": "my-jwk",
"description": "JWK from certificate",
"sourceType": "CERTIFICATE",
"certificateName": "my-certificate",
"environmentName": "production",
"useType": "SIGNATURE",
"algorithm": "RS256"
}
Source Type: PUBLIC_KEY or PRIVATE_KEY
{
"name": "my-jwk",
"description": "JWK from key",
"sourceType": "PUBLIC_KEY",
"keyName": "my-key",
"environmentName": "production",
"useType": "SIGNATURE",
"algorithm": "RS256"
}
Source Type: KEYSTORE
{
"name": "my-jwk",
"description": "JWK from keystore",
"sourceType": "KEYSTORE",
"keyStoreName": "my-keystore",
"environmentName": "production",
"aliasName": "my-alias",
"useType": "SIGNATURE",
"algorithm": "RS256"
}
Request Body Fields
| Field | Type | Required | Description |
|---|
| name | string | Yes | JWK name (unique identifier) |
| description | string | No | JWK description |
| sourceType | string | Yes | Source type: URL, COPY_PASTE, CERTIFICATE, PUBLIC_KEY, PRIVATE_KEY, KEYSTORE |
| url | string | Conditional | URL to fetch JWK from (required if sourceType is URL) |
| urlOptionConnectTimeout | integer | No | Connection timeout in milliseconds (default: 5000) |
| urlOptionReadTimeout | integer | No | Read timeout in milliseconds (default: 10000) |
| urlOptionSizeLimit | integer | No | Maximum response size in bytes (default: 1048576) |
| jwkStr | string | Conditional | JWK JSON string (required if sourceType is COPY_PASTE) |
| certificateName | string | Conditional | Certificate name (required if sourceType is CERTIFICATE) |
| keyName | string | Conditional | Key name (required if sourceType is PUBLIC_KEY or PRIVATE_KEY) |
| keyStoreName | string | Conditional | Keystore name (required if sourceType is KEYSTORE) |
| kid | string | Conditional | Key ID (kid) - Required for URL and COPY_PASTE source types when the source contains multiple keys (JWK Set) |
| environmentName | string | Conditional | Environment name (required for CERTIFICATE, KEY, KEYSTORE source types) |
| aliasName | string | Conditional | Alias name in keystore (required if sourceType is KEYSTORE) |
| useType | string | Conditional | Use type: SIGNATURE, ENCRYPTION (required for CERTIFICATE, KEY, KEYSTORE source types) |
| algorithm | string | Conditional | Algorithm to use with the key (required for CERTIFICATE, KEY, KEYSTORE source types). See Notes section for valid algorithm values based on key type and useType. |
Notes
name must be unique within the project- For
GENERATE source type, use the Generate JWK endpoint
- Certificate, Key, and Keystore must exist and be accessible in the specified environment
- JWK is automatically deployed to all environments after creation
- algorithm: This field specifies the cryptographic algorithm to use with the key. The value must match the key type and useType:
- RSA with SIGNATURE:
RS256, RS384, RS512, PS256, PS384, PS512
- RSA with ENCRYPTION:
RSA1_5 (deprecated), RSA-OAEP (deprecated), RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512
- EC with SIGNATURE:
ES256, ES384, ES512, ES256K
- EC with ENCRYPTION:
ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-1PU, ECDH-1PU+A128KW, ECDH-1PU+A192KW, ECDH-1PU+A256KW
- OCT with SIGNATURE:
HS256, HS384, HS512
- OCT with ENCRYPTION:
A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW, DIR, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW
- OKP with SIGNATURE:
EdDSA
- OKP with ENCRYPTION:
ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, ECDH-1PU, ECDH-1PU+A128KW, ECDH-1PU+A192KW, ECDH-1PU+A256KW
- Important:
algorithm must be a valid algorithm name, not a key type (e.g., use RS256 not RSA)
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Deployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployed successfully"
},
{
"environmentName": "staging",
"success": true,
"message": "Deployed successfully"
}
]
}
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "JWK name can not be empty!"
}
{
"error": "bad_request",
"error_description": "JWK (name: my-jwk) is already exist! Try update operation if want to change its value."
}
{
"error": "bad_request",
"error_description": "Source type is required!"
}
{
"error": "bad_request",
"error_description": "URL is required for URL source type!"
}
{
"error": "bad_request",
"error_description": "Certificate (name: my-certificate) is not found!"
}
cURL Example
Example 1: Create JWK from URL
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/jwks/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-jwk",
"description": "JWK from URL",
"sourceType": "URL",
"url": "https://example.com/.well-known/jwks.json"
}'
Example 2: Create JWK from JSON String
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/jwks/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-jwk",
"description": "JWK from clipboard",
"sourceType": "COPY_PASTE",
"jwkStr": "{\"kty\":\"RSA\",\"n\":\"...\",\"e\":\"AQAB\"}"
}'
Example 3: Create JWK from Certificate
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/jwks/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-jwk",
"description": "JWK from certificate",
"sourceType": "CERTIFICATE",
"certificateName": "my-certificate",
"environmentName": "production",
"useType": "SIGNATURE",
"algorithm": "RS256"
}'
Notes and Warnings
-
JWK Name:
- Must be unique within the project
- Cannot be changed after creation
-
Source Types:
URL: Fetches JWK from a remote URLCOPY_PASTE: Creates JWK from JSON stringCERTIFICATE: Extracts JWK from existing certificatePUBLIC_KEY/PRIVATE_KEY: Extracts JWK from existing keyKEYSTORE: Extracts JWK from keystore aliasGENERATE: Use Generate JWK endpoint instead
-
Automatic Deployment:
- JWK is automatically deployed after creation
- Deployment results are returned in the response
Permissions
User must have SECRETS + MANAGE permission in the project. For deployment operations (when deploying JWKs to environments), user must also have SECRETS + DEPLOY_UNDEPLOY permission.
