JOSE
Wise uses the JOSE framework to accept and respond with signed and encrypted payloads. The following endpoints allow you to manage keys that apply to this process.
For more information, please speak with your Implementation team.
Get Wise public signing key
GET /v1/auth/jwt-public-key?algorithm=ES512&scope=PAYLOAD_SIGNING
This endpoint returns a public key issued by Wise for verifying signed HTTP responses. These parameters must always be included.
The process involves storing this public key after retrieval. Attempts to verify a JWS response should be done with a previously fetched key. If verification fails, call this API once to issue a fresh key from Wise and then try verification one more time.
Supported algorithms are: ES256, ES384, ES512, PS256, PS384, PS512, RSA_OAEP_256, RSA_OAEP_384, RSA_OAEP_512.
Fetch a specific public key version. If omitted the most recent public key is provided.
Algorithm to be used for response signature verification. This must match the algorithm used during request signing.
Scope of the signature. Value must be PAYLOAD_SIGNING, which is the only scope we support at present.
Response
Returns a public key object.
Version of the public key issued.
Algorithm to be used with the key. Values can be ES512.
Public key material.
Scope of the key. Values will be PAYLOAD_SIGNING.
curl -X GET https://api.sandbox.transferwise.tech/v1/auth/jwt-public-key?algorithm=ES512&scope=PAYLOAD_SIGNING \-H 'Authorization: Bearer <your api token>'
{"version": 1,"keyMaterial": {"algorithm": "ES512","keyMaterial": "MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgG+BRBc/UZG2fX0xaPXpl5kW191p1tkmnXGHoaiVNbI3lC4wpPBfEP4tZIXLm90+dGsdnxE1SJeoiZIFJ+swRmAwKxKj7i2xMMAg3AU3bZs3hPLznX5vLUzyGLC6V3bS0UuvL4uKPQTyEJV5RKHnXnhgRQj/5Yt9J4xh7OtJtTAgMBAAE="},"scope": "PAYLOAD_SIGNING"}