About JSON Web Signature
The JSON Web Signature (JWS) is used as part of a REST header to validate requests made to certain endpoints. This section covers generation of the JWS; for details on its usage within our REST endpoints, refer to the security section of our REST API Documentation.
We follow the Open Banking standard for generating the JWS; for details, see the Open Banking Payment Institution API Specification.
Generating a JSON Web Signature - Step-by-step
- Generate and download a private key and certificate using the Developer Dashboard. For details on how to do this, see the PKI Management page in this guide.
- Obtain the certificate serial number by viewing the certificate details. This is stored as a hexadecimal number and will need to be decoded.
- Obtain the subject parameters from the certificate.
- Finally, compute the JWS using the JWS Generator utility. This can also be done with online tools or by following the RFC 7515 specification. You can find a sample JWS along with a sample PKI Key, Certificate and JOSE Header on our JWS Sample page.
Certificate subject parameters

| Parameter | Example value | Description |
|---|---|---|
| OU | Nuapay API | Organization unit, this will always be 'Nuapay API' for certificates signed by Nuapay. |
| CN | a2av3py82w | Common name, the originator technical ID |
| O | Nuapay | Organization, will always be 'Nuapay' for certificates signed by Nuapay. |
| L | London | Locality, will always be 'London' for certificates signed by Nuapay. |
| C | GB | Country Name, two letter country code will always be 'GB' for certificates signed by Nuapay. |

JOSE header parameters

| Parameter | Example value | Description |
|---|---|---|
| alg | RS256 | Algorithm, always 'RS256' |
| kid | 2496611953 | Key ID, use the decoded certificate serial number |
| iat | 0 | Issued at, always '0' |
| iss | "C=GB, L=London, OU=Nuapay API, O=Nuapay, CN=a2av3py82w" | Issuer, use the certificate subject parameters |
| b64 | false | Base64 encoded payload, always 'false' |
| crit | ["b64","iat","iss"] | Critical, always ["b64","iat","iss"] |
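The steps above, carried through as an added example (not Nuapay's JWS Generator utility or code from this guide): it builds the JOSE header from the certificate serial and subject, then signs with RS256 over the unencoded payload. Assumptions: "decoding" the serial means hexadecimal to decimal, `kid` is emitted as a string, the result uses the detached `<header>..<signature>` form from RFC 7797, and the key, serial and request body are constructed demo values.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed, insecure demo key built from two Mersenne primes so the example
# runs offline; real signing uses the private key from the Developer Dashboard.
E = 65537
N = (2**521 - 1) * (2**607 - 1)
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jose_header(serial_hex, subject):
    # Assumption: "decoding" the serial means hexadecimal -> decimal; kid is a
    # string because RFC 7515 defines it as one.
    kid = str(int(serial_hex.replace(":", ""), 16))
    iss = ", ".join(f"{k}={subject[k]}" for k in ("C", "L", "OU", "O", "CN"))
    return {"alg": "RS256", "kid": kid, "iat": 0, "iss": iss,
            "b64": False, "crit": ["b64", "iat", "iss"]}

def signing_input(header, payload):
    # b64=false (RFC 7797): payload bytes are signed as-is, not base64url-encoded.
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    return protected, protected.encode("ascii") + b"." + payload

def rs256_sign(message, n=N, d=D):
    # RSASSA-PKCS1-v1_5 with SHA-256, written out for illustration only.
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def detached_jws(header, payload):
    # Assumption: detached form "<protected>..<signature>" for use in a REST header.
    protected, to_sign = signing_input(header, payload)
    return protected + ".." + b64url(rs256_sign(to_sign))

# Constructed sample input: subject values from the table above; the serial is
# the hex form of the example kid 2496611953.
SUBJECT = {"C": "GB", "L": "London", "OU": "Nuapay API", "O": "Nuapay", "CN": "a2av3py82w"}
HEADER = jose_header("94:CF:46:71", SUBJECT)
BODY = b'{"amount":"10.00","currency":"GBP"}'  # constructed request body

if __name__ == "__main__":
    print(json.dumps(HEADER))
    print(detached_jws(HEADER, BODY))
```

In production the `rs256_sign` step belongs to a maintained cryptographic library or HSM holding the Developer Dashboard key; the header and signing-input construction stay the same.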