About JSON Web Signature

The JSON Web Signature (JWS) is used as part of a REST header to validate requests made to certain endpoints. This section deals with generating the JWS; for details on its use within our REST endpoints, refer to the security section of our REST API Documentation.

We follow the Open Banking standard for generating the JWS; for details, see the Open Banking Payment Institution API Specification.

Generating a JSON Web Signature - Step-by-step

  1. Generate and download a private key and certificate using the Developer Dashboard. For details on how to do this, see the PKI Management page in this guide.
  2. Obtain the certificate serial number by viewing the certificate details. This is stored as a hexadecimal number and will need to be decoded.
  3. Obtain the subject parameters from the certificate:

     | Attribute | Value | Description |
     |---|---|---|
     | OU | Nuapay API | Organization unit, this will always be 'Nuapay API' for certificates signed by Nuapay. |
     | CN | a2av3py82w | Common name, the originator technical ID |
     | O | Nuapay | Organization, will always be 'Nuapay' for certificates signed by Nuapay. |
     | L | London | Locality, will always be 'London' for certificates signed by Nuapay. |
     | C | GB | Country Name, two letter country code, will always be 'GB' for certificates signed by Nuapay. |

  4. The serial number and subject parameters are used to create the Javascript Object Signing and Encryption (JOSE) header, which is used in computing the JWS and must contain the following fields:

     | Attribute | Value | Description |
     |---|---|---|
     | alg | RS256 | Algorithm, always 'RS256' |
     | kid | 2496611953 | Key ID, use the decoded certificate serial number |
     | iat | 0 | Issued at, always '0' |
     | iss | "C=GB, L=London, OU=Nuapay API, O=Nuapay, CN=a2av3py82w" | Issuer, use the certificate subject parameters |
     | b64 | false | Base64 encoded payload, always 'false' |
     | crit | ["b64","iat","iss"] | Critical, always ["b64","iat","iss"] |

  5. Finally, compute the JWS using the JWS Generator utility. This can also be done with online tools or by following the RFC 7515 specification. You can find a sample JWS along with a sample PKI Key, Certificate and JOSE Header on our JWS Sample page.
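
The steps above, as an added Python example (not the JWS Generator utility or any code from this guide): it builds the JOSE header from the certificate serial and subject, then signs the unencoded payload as RFC 7797 defines for b64=false. Assumptions: the function names are hypothetical, "decoding" the serial means hex to decimal, kid is emitted as a JSON string, the result is the detached form '<header>..<signature>', the serial 94:CF:46:71 is a constructed hex form of the sample kid, and the demo at the bottom uses the third-party 'cryptography' package with a throwaway key.

```python
import base64
import json

SUBJECT_ORDER = ("C", "L", "OU", "O", "CN")  # order used in the page's sample iss

def b64url(data: bytes) -> str:  # base64url without padding (RFC 7515)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jose_header(serial_hex: str, subject: dict) -> dict:
    """Build the protected header from the certificate serial and subject."""
    missing = [k for k in SUBJECT_ORDER if k not in subject]
    if missing:
        raise ValueError(f"subject is missing {missing}")
    # Assumption: "decoding" the serial means hex -> decimal. Certificate
    # viewers often print it as "94:CF:46:71", so separators are stripped.
    kid = str(int(serial_hex.replace(":", "").replace(" ", ""), 16))
    return {
        "alg": "RS256",
        "kid": kid,  # a JSON string, as RFC 7515 requires for kid
        "iat": 0,
        "iss": ", ".join(f"{k}={subject[k]}" for k in SUBJECT_ORDER),
        "b64": False,
        "crit": ["b64", "iat", "iss"],
    }

def signing_input(header: dict, payload: bytes) -> bytes:
    """RFC 7797: with b64=false the raw payload is signed, not its base64url form."""
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    return protected.encode("ascii") + b"." + payload

def detached_jws(header: dict, payload: bytes, sign) -> str:
    """Return '<protected>..<signature>'; sign(bytes) returns the RS256 signature."""
    data = signing_input(header, payload)
    protected = data.split(b".", 1)[0].decode("ascii")
    return f"{protected}..{b64url(sign(data))}"

if __name__ == "__main__":
    # Throwaway key for the demo; needs the third-party 'cryptography' package.
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding, rsa
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = {"C": "GB", "L": "London", "OU": "Nuapay API", "O": "Nuapay", "CN": "a2av3py82w"}
    hdr = jose_header("94:CF:46:71", subject)  # constructed hex form of the sample kid
    body = b'{"amount":"1.00"}'  # constructed request body
    jws = detached_jws(hdr, body, lambda d: key.sign(d, padding.PKCS1v15(), hashes.SHA256()))
    sig = base64.urlsafe_b64decode(jws.split("..")[1] + "==")
    # Raises InvalidSignature if the signing input and signature do not match.
    key.public_key().verify(sig, signing_input(hdr, body), padding.PKCS1v15(), hashes.SHA256())
    print(jws)
```

The bytes passed to the signer must be exactly the bytes sent as the request body; any re-serialisation of the JSON between signing and sending invalidates the signature.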