> ## Documentation Index
> Fetch the complete documentation index at: https://developer.suki.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# JWKS URL

> Public key endpoint for JWT token verification and signature validation

Use this public endpoint to get the <Tooltip tip="JSON Web Key Set. A set of keys containing the public keys used to verify any JWT issued by the authorization server." cta="View in Glossary" href="/Glossary/j">JWKS</Tooltip> (JSON Web Key Set) containing Suki's public keys. Use these keys to verify the signature of any <Tooltip tip="JSON Web Token. A compact, URL-safe means of representing claims used for authentication and information exchange." cta="View in Glossary" href="/Glossary/j">JWT</Tooltip> issued by Suki, such as the `suki_token`.

This endpoint follows the **RFC 7517** standard.

<Note>
  **Authentication**

  This is a public endpoint and does not require authentication.
</Note>

## Key use cases

* **Verify Tokens**: Confirm the authenticity of the `suki_token` you receive from our authentication API.

* **Handle Key Rotation**: Automatically discover new public keys when Suki rotates its signing keys.

* **Maintain Security**: Follow industry best practices for JWT validation.

## Code examples

<Tabs>
  <Tab title="Python">
    ```python theme={"theme":{"light":"github-dark","dark":"material-theme-darker"}}
    import requests

    url = "https://sdp.suki-stage.com/api/auth/.well-known/jwks-pub.json"

    response = requests.get(url)

    if response.status_code == 200:
        jwks = response.json()
        print("Public keys retrieved successfully")
        print(f"Keys: {jwks}")
    else:
        print(f"Failed to retrieve JWKS: {response.status_code}")
    ```
  </Tab>

  <Tab title="TypeScript">
    ```typescript theme={"theme":{"light":"github-dark","dark":"material-theme-darker"}}
    const response = await fetch('https://sdp.suki-stage.com/api/auth/.well-known/jwks-pub.json');

    if (response.ok) {
      const jwks = await response.json();
      console.log('Public keys retrieved successfully');
      console.log('Keys:', jwks);
    } else {
      console.error(`Failed to retrieve JWKS: ${response.status}`);
    }
    ```
  </Tab>
</Tabs>


## OpenAPI

````yaml GET /api/auth/.well-known/jwks-pub.json
openapi: 3.0.1
info:
  title: Suki Developer Platform
  description: >-
    REST and WebSocket APIs for the Suki Developer Platform. Authenticate with
    Login or Register to obtain a Suki access token, then integrate ambient
    clinical documentation, form filling, transcription, and reference metadata
    endpoints.
  contact: {}
  version: '1.0'
servers:
  - url: https://sdp.suki.ai
    description: >-
      Production base URL for Suki Developer Platform REST APIs. WebSocket
      endpoints use the same host with `wss://`.
security:
  - SukiTokenAuth: []
paths:
  /api/auth/.well-known/jwks-pub.json:
    get:
      tags:
        - /api/auth
      summary: Get JWKS public keys
      description: >-
        Returns the JSON Web Key Set (JWKS) with public keys Suki uses to verify
        partner tokens. Use this endpoint when configuring JWT signature
        validation for your identity provider.
      parameters: []
      responses:
        '200':
          description: JWKS document with public keys for partner token verification.
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/controllers.PublicKeyData'
      security: []
components:
  schemas:
    controllers.PublicKeyData:
      type: object
      properties:
        keys:
          type: array
          items:
            $ref: '#/components/schemas/controllers.KeyData'
          description: Array of JSON Web Keys used to verify partner token signatures.
      description: JSON Web Key Set document for partner token verification.
    controllers.KeyData:
      type: object
      properties:
        alg:
          type: string
          description: The specific cryptographic algorithm used with the key.
          example: RS256
        e:
          type: string
          description: >-
            The exponent for the RSA public key :
            https://tools.ietf.org/html/rfc7518#page-30
          example: AQAB
        kid:
          type: string
          description: The unique identifier for the key.
          example: partner-jwks-key-1
        kty:
          type: string
          description: The family of cryptographic algorithms used with the key.
          example: RSA
        'n':
          type: string
          description: >-
            The modulus for the RSA public key :
            https://tools.ietf.org/html/rfc7518#page-30
          example: >-
            yeNlzlub94YgerT030codqEztjfU_S6X4DbDA_iVKkjAWtYfPHDzz_sPCT1Axz6isZdf3lHpq_gYX4Sz-cbe4rjmigxUxr-FgKHQy3HeCdK6hNq9ASQvMK9LBOpXDNn7mei6RZWom4wo3CMvvsY1w8tjtfLb-yQwJPltHxShZq5-ihC9irpLI9xEBTgG12q5lGIFPhTl_7inA1PFK97LuSLnTJzW0bj096v_TMDg7pOWm_zHtF53qbVsI0e3v5nmdKXdFf9BjIARRfVrbxVxiZHjU6zL6jY5QJdh1QCmENoejj_ytspMmGW7yMRxzUqgxcAqOBpVm0b-_mW3HoBdjQ
        use:
          type: string
          description: How the key was meant to be used; sig represents the signature.
          example: sig
      description: >-
        Each property in the key is defined by the JWK specification
        https://datatracker.ietf.org/doc/html/rfc7517#section-4 or, for
        algorithm-specific properties, in https://tools.ietf.org/html/rfc7518
  securitySchemes:
    SukiTokenAuth:
      type: apiKey
      in: header
      name: sdp_suki_token
      description: >-
        Suki access token for the authenticated provider. Obtain this by calling
        Login or Register with a valid `partner_token`. Pass the `suki_token`
        value from the JSON response as the `sdp_suki_token` header on REST
        requests and non-browser WebSocket upgrades. Browser WebSocket clients
        pass the token in `Sec-WebSocket-Protocol` instead. Tokens expire after
        one hour; call Login again to refresh.

````