SAP Customer Data Cloud Positions

accounts.getJWTPublicKey REST




This API retrieves the public key needed to validate an id_token returned from the accounts.getJWT API endpoint. As a public endpoint, it requires no authorization parameters (no secret or userKey/secret pair); only the API key of the site for which to retrieve the public key is needed.



Request URL

Where <Data_Center> is:
  • - For the US data center.
  • - For the European data center.
  • - For the Australian data center.
  • - For the Russian data center.
  • - For the Chinese data center.

If you are not sure of your site's data center, see Finding Your Data Center.



apiKey string The API key of the site for which to return the public key.
V2 Boolean If this property is passed and the value is TRUE, the response will contain a keys array containing the public key.
format string Determines the format of the response. The options are:
  • json (default)
  • jsonp - if the format is jsonp then you are required to define a callback method (see parameter below).
callback string This parameter is required only when the format parameter is set to jsonp (see above). In such cases this parameter should define the name of the callback method to be called in the response, along with the jsonp response data.
context string/JSON This parameter may be used to pass data through the current method and return it, unchanged, within the response.
ignoreInterruptions Boolean This may be used in some cases to suppress logic applied by the Web SDK, such as automatic opening of screens (e.g., in a registration completion scenario). This parameter may not be used with REST APIs.
httpStatusCodes Boolean The default value of this parameter is false, which means that the HTTP status code in Gigya's response is always 200 (OK), even if an error occurs. The error code and message are given within the response data (see below). If this parameter is set to true, the HTTP status code in Gigya's response would reflect an error, if one occurred.

Authorization Parameters

Each REST API request must contain identification and authorization parameters.

Some REST APIs may function without these authorization parameters; however, when that occurs, these calls are treated as client-side calls and all client-side rate limits will apply. To avoid reaching client-side IP rate limits that may impact your implementation when using server-to-server REST calls, it is Recommended Best Practice to always sign the request or use a secret. A non-exhaustive list of REST APIs that this may apply to is as follows:

  • accounts.login
  • socialize.login
  • accounts.notifyLogin
  • socialize.notifyLogin
  • accounts.finalizeRegistration
  • accounts.linkAccounts

Please refer to the Authorization Parameters section for details. 


V2 Explanation

A response from a request without using the V2 parameter:

{
  "callId": "4212b870031843f4b20078df4ba2dafb",
  "errorCode": 0,
  "apiVersion": 2,
  "statusCode": 200,
  "statusReason": "OK",
  "time": "2019-05-01T08:55:32.676Z",
  "kty": "RSA",
  "n": "qoQah4MFGYedrbWwFc3UkC1hpZlnB2_E922yRJfHqpq2tTHL_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_d7cWnn163BMz46kAHtZXqXhNuj19IZRCDfNoqVVxxCIYvbsgInbzZM82CB86iYPAS7piijYn1S6hueVHGAzQorOetZevKIAvbH3kJXZ4KdY6Ffz5SFDJBxC3bycN4q2JM1qnyD53vcc0MitxyIUF7a06iJb5_xXBiA-3xnTI0FU5hw_k6x-sxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_2RAUxP1XORkrBGlPg9D7cBtQ",
  "e": "AQAB",
  "alg": "RS256",
  "use": "sig"
}


A response from a request using the V2 parameter set to TRUE:

{
  "callId": "f0fdd71233104847a34d6d78122c99c4",
  "errorCode": 0,
  "apiVersion": 2,
  "statusCode": 200,
  "statusReason": "OK",
  "time": "2019-05-01T08:59:06.004Z",
  "keys": [
    {
      "alg": "RS256",
      "kty": "RSA",
      "n": "qoQah4MFGYedrbWwFc3UkC1hpZlnB2_E922yRJfHqpq2tTHL_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_d7cWnn163BMz46kAHtZXqXhNuj19IZRCDfNoqVVxxCIYvbsgInbzZM82CB86iYPAS7piijYn1S6hueVHGAzQorOetZevKIAvbH3kJXZ4KdY6Ffz5SFDJBxC3bycN4q2JM1qnyD53vcc0MitxyIUF7a06iJb5_xXBiA-3xnTI0FU5hw_k6x-sxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_2RAUxP1XORkrBGlPg9D7cBtQ",
      "e": "AQAB",
      "use": "sig"
    }
  ]
}



Sample Requests


Response Data

For additional information on the specifications and definitions of fields returned in a JWK, please see the official Proposed Standard.
kty string Specifies the key type returned (cryptographic family).
alg string Specifies the algorithm to be used with this key.
use string Describes the use of the public key (to encrypt the data or verify the signature).
kid string The key id used to distinguish between multiple keys in a given set or array.
n string The modulus. A base64url encoding of the returned id_token.
e string The exponent value for the RSA public key, base64url encoded.
apiVersion integer Defines the API version that returned the response and may not always be returned.
callId string Unique identifier of the transaction, for debugging purposes.
errorCode integer The result code of the operation. Code '0' indicates success, any other number indicates failure. For a complete list of error codes, see the Error Codes table.
errorDetails string This field will appear in the response only in case of an error and will contain the exception info, if available.
errorMessage string A short textual description of an error, associated with the errorCode, for logging purposes. This field will appear in the response only in case of an error.
fullEventName string The full name of the event that triggered the response. This is an internally used parameter that is not always returned and should not be relied upon by your implementation.
time string The time of the response represented in ISO 8601 format, i.e., yyyy-mm-dd-Thh:MM:ss.SSSZ or
statusCode integer The HTTP response code of the operation. Code '200' indicates success.
This property is deprecated and only returned for backward compatibility.
statusReason string A brief explanation of the status code.
This property is deprecated and only returned for backward compatibility.


A field that does not contain data will not appear in the response.
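
As an added example (not SAP's code), the sketch below shows how a relying party could use the keys array of a V2 response to check an id_token's RS256 signature, using only the Python standard library so that it runs offline. It treats n and e as the base64url-encoded RSA modulus and exponent, as in a standard JWK. Assumptions: the token header carries a kid that matches the JWK's kid; verify_id_token, demo_response_and_token and the Mersenne-prime demo key are constructed for illustration.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
P, Q, E = 2**521 - 1, 2**607 - 1, 65537  # constructed, insecure demo key

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message, k):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_id_token(token, response):
    """Return the claims if the signature verifies; raise ValueError if not."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64url_decode(h64))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")  # pinned: rejects none/HS256
    # Assumption: the token header names its key in "kid".
    want = {"kid": header.get("kid"), "kty": "RSA", "alg": "RS256", "use": "sig"}
    match = [j for j in response.get("keys", []) if want.items() <= j.items()]
    if response.get("errorCode") != 0 or len(match) != 1:
        raise ValueError("no usable signing key in response")
    n, e = (int.from_bytes(b64url_decode(match[0][f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    sig = b64url_decode(s64)
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("malformed signature")
    # Compare against the full expected encoding instead of parsing padding.
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(p64))

def demo_response_and_token(claims, kid="demo-kid"):
    """Constructed V2-style response plus a token signed with the demo key."""
    n = P * Q
    k = (n.bit_length() + 7) // 8
    jwk = {"kty": "RSA", "alg": "RS256", "use": "sig", "kid": kid,
           "n": b64url(n.to_bytes(k, "big")), "e": "AQAB"}
    head = b64url(json.dumps({"alg": "RS256", "kid": kid}).encode())
    signing_input = f"{head}.{b64url(json.dumps(claims).encode())}"
    em = int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big")
    sig = pow(em, pow(E, -1, (P - 1) * (Q - 1)), n).to_bytes(k, "big")
    return {"errorCode": 0, "keys": [jwk]}, f"{signing_input}.{b64url(sig)}"
```

Only the signature path is shown; a production verifier would normally rely on a maintained JWT library and also validate the token's claims.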


Response Example

{
    "statusCode": 200,
    "errorCode": 0,
    "statusReason": "OK",
    "callId": "b9903932f64f4664a2de2949d1636a85",
    "time": "2016-12-06T18:27:27.499Z",
    "kty": "RSA",
    "alg": "RS256",
    "use": "sig",
    "kid": "c4c3e666b40*************ec5a824df1bfd449",
    "n": "0zLcDhqrrkHJCBJKtqAFIxqQtu-WcViGRDHC9O_*********************_zecuWmw34d_ZJf8PfQJaj_ulWDQgo4h_
    "e": "AQAB"
}

