# Get JSON Web Key Set

> Retrieve a [JSON Web Key Set](https://www.rfc-editor.org/rfc/rfc7517#section-5) (JWKS) object containing the public `keys` used to verify JSON Web Tokens (JWT) issued by the Hanko API and signed using the RS256 signing algorithm.




## OpenAPI

````yaml openapi-public get /.well-known/jwks.json
openapi: 3.0.0
info:
  version: 1.2.0
  title: Hanko Public API
  description: >
    ## Introduction


    This is the OpenAPI specification for the [Hanko Public
    API](https://github.com/teamhanko/hanko/blob/main/backend/README.md#basic-usage).


    ## Authentication


    The API uses [JSON Web Tokens](https://www.rfc-editor.org/rfc/rfc7519.html)
    (JWTs) for authentication.

    JWTs are verified using [JSON Web
    Keys](https://www.rfc-editor.org/rfc/rfc7517) (JWK).

    JWKs can be
    [configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options)

    through the `secrets.keys` options. The API also publishes public
    cryptographic keys as a

    [JWK set](https://www.rfc-editor.org/rfc/rfc7517#section-2) through the
    `.well-known/jwks.json` endpoint

    to enable clients to verify token signatures.

    JWTs must be provided on requests to protected endpoints using one of the
    following schemes:


    ### CookieAuth


    **Security Scheme Type**: `API Key`


    **Cookie parameter name**: `hanko`


    The JWT must be provided in a Cookie with the name `hanko`.


    ### BearerTokenAuth


    **Security Scheme Type**: `http`


    **HTTP Authorization Scheme**: `Bearer`


    **Bearer format**: `JWT`


    The JWT must be provided in an HTTP Authorization header with bearer type:
    `Authorization: Bearer <JWT>`.


    ## Cross-Origin Resource Sharing

    Cross-Origin Resource Sharing (CORS) can currently be

    [configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options)

    for public endpoints via the `server.public.cors` options.


    ---
  contact:
    email: developers@hanko.io
  license:
    name: AGPL-3.0-or-later
    url: https://www.gnu.org/licenses/agpl-3.0.txt
servers:
  - url: https://{tenant_id}.hanko.io
    variables:
      tenant_id:
        default: ''
        description: The (UU)ID of a tenant. Replace the default value with your tenant ID.
security: []
externalDocs:
  description: More about Hanko
  url: https://github.com/teamhanko/hanko
paths:
  /.well-known/jwks.json:
    get:
      tags:
        - .well-known
      summary: Get JSON Web Key Set
      description: >
        Retrieve a [JSON Web Key
        Set](https://www.rfc-editor.org/rfc/rfc7517#section-5) (JWKS) object
        containing the public `keys` used to verify

        JSON Web Tokens (JWT) issued by the Hanko API and signed using the RS256
        signing algorithm.
      operationId: getJwks
      responses:
        '200':
          description: JSON Web Key Set
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/JSONWebKeySet'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  schemas:
    JSONWebKeySet:
      type: object
      properties:
        keys:
          type: array
          items:
            $ref: '#/components/schemas/JSONWebKey'
          externalDocs:
            description: RFC7517 - JSON Web Key (JWK) - Section 5.1
            url: https://www.rfc-editor.org/rfc/rfc7517#section-5.1
      externalDocs:
        description: RFC7517 - JSON Web Key (JWK) - Section 5
        url: https://www.rfc-editor.org/rfc/rfc7517#section-5
    JSONWebKey:
      type: object
      externalDocs:
        description: RFC7517 - JSON Web Key (JWK)
        url: https://datatracker.ietf.org/doc/html/rfc7517
      properties:
        alg:
          type: string
          example: RS256
          externalDocs:
            description: RFC7517 - JSON Web Key (JWK) - Section 4.4
            url: https://www.rfc-editor.org/rfc/rfc7517#section-4.4
        e:
          type: string
          format: base64url
          example: AQAB
          externalDocs:
            description: RFC7518 - JSON Web Algorithms (JWA) - Section 6.3.1.2
            url: https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.2
        kid:
          type: string
          example: d6ff37d7-e3d1-4432-ab80-b64faf55ae36
          externalDocs:
            description: RFC7517 - JSON Web Key (JWK) - Section 4.5
            url: https://www.rfc-editor.org/rfc/rfc7517#section-4.5
        kty:
          type: string
          example: RSA
          externalDocs:
            description: RFC7517 - JSON Web Key (JWK) - Section 4.1
            url: https://www.rfc-editor.org/rfc/rfc7517#section-4.1
        'n':
          type: string
          format: base64url
          example: vPFRUCRoxN3RygdJHR3S5BV-DDLw6n-7oUXtX0nr7Twl...
          externalDocs:
            description: RFC7518 - JSON Web Algorithms (JWA) - Section 6.3.1.1
            url: https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.1
        use:
          type: string
          example: sig
          externalDocs:
            description: RFC7517 - JSON Web Key (JWK) - Section 4.2
            url: https://www.rfc-editor.org/rfc/rfc7517#section-4.2
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string
  responses:
    InternalServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: 500
            message: Internal Server Error

````
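
How a backend might use the JWKS returned by this endpoint to verify a token: pin `RS256`, select the key by `kid`, and import only `n` and `e`. This is an added example, not code from the Hanko project; `verifyRS256`, `demo`, the kid `demo-kid-1` and the claims are constructed for illustration, and a throwaway key pair stands in for a JWKS fetched from `/.well-known/jwks.json`.

```javascript
const crypto = require('node:crypto');

// Verify a compact JWT against a JWKS object; returns the decoded claims or throws.
function verifyRS256(token, jwks) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not decide how it is verified.
  if (header.alg !== 'RS256') throw new Error('alg is not RS256');
  // Select by kid, and accept only RSA keys published for signatures.
  const jwk = jwks.keys.find(
    (k) => k.kid === header.kid && k.kty === 'RSA' && (k.use ?? 'sig') === 'sig');
  if (!jwk) throw new Error('no RSA signing key for kid');
  // Import only the public members n and e from the JWKS entry.
  const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${h}.${p}`, 'ascii');
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('signature mismatch');
  }
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Constructed demo data: a throwaway key pair stands in for the server's signing key.
function demo(alg = 'RS256') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const kid = 'demo-kid-1'; // constructed value
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), alg: 'RS256', use: 'sig', kid }] };
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg, kid })}.${enc({ sub: 'demo-user' })}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url');
  return { token: `${input}.${sig}`, jwks };
}

const sample = demo();
console.log(verifyRS256(sample.token, sample.jwks));
```

This covers the signature only; claim checks such as expiry remain the caller's job.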