---
title: Read JWKS
description: The GET /{{envID}}/as/jwks endpoint returns the JSON Web Key Set (JWK) document as defined by RFC 7517. This document contains the public keys along with metadata that can be used to validate JWT signatures. This set includes an aggregate of all Key Rotation Policy (KRP) keys of all KRPs in an environment.
component: pingone-api
page_id: pingone-api:auth:openid-connect-oauth-2/read-jwks
canonical_url: https://developer.pingidentity.com/pingone-api/auth/openid-connect-oauth-2/read-jwks.html
section_ids:
  example-request: Example Request
  example-response: Example Response
---

# Read JWKS

##

```none
GET {{authPath}}/{{envID}}/as/jwks
```

The `GET /{{envID}}/as/jwks` endpoint returns the JSON Web Key Set (JWK) document as defined by [RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517). This document contains the public keys along with metadata that can be used to validate JWT signatures. This set includes an aggregate of all Key Rotation Policy (KRP) keys of all KRPs in an environment.

The following parameters are shown for each key:

* `kty`

  The is the key type, which identifies the cryptographic algorithm family used with the key. Options are `RSA`.

* `e`

  This is the RSA public exponent parameter, which is used in the RSA Key blinding operation.

* `kid`

  This is the key ID parameter, which is used to match a corresponding `kid` key value in the JWT token to validate the requestor and grant access to the specified API endpoint.

* `use`

  This is the public key use parameter, which identifies the intended use of the public key. Options are `sig` (signature) and `enc` (encryption).

* `n`

  This is the RSA modulus parameter, which is used in the RSA Key blinding operation.

* `x5t`

  This is an X.509 certificate SHA-1 thumbprint parameter, which is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.

* `x5c`

  This is an X.509 certificate chain parameter, which is a chain of one or more PKIX certificates.

##

### Example Request

* cURL

* C#

* Go

* HTTP

* Java

* jQuery

* NodeJS

* Python

* PHP

* Ruby

* Swift

```shell
curl --location --globoff '{{authPath}}/{{envID}}/as/jwks'
```

```csharp
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/jwks")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
```

```golang
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/jwks"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

```http
GET /{{envID}}/as/jwks HTTP/1.1
Host: {{authPath}}
```

```java
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/jwks")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
```

```javascript
var settings = {
  "url": "{{authPath}}/{{envID}}/as/jwks",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
```

```javascript
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/jwks',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
```

```python
import requests

url = "{{authPath}}/{{envID}}/as/jwks"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
```

```php
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/jwks');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
```

```ruby
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/jwks")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
```

```swift
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/jwks")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()
```

### Example Response

200 OK

```json
{
    "keys": [
        {
            "kty": "RSA",
            "e": "AQAB",
            "use": "sig",
            "x5t": "Za6ddv8nZnWoqvY6z61fiP8QwEo",
            "kid": "default",
            "x5c": [
                "MIIDLDCCAhSgAwIBAgIGAWW17v5GMA0GCSqG..."
            ],
            "n": "jgQ8twHSmSlT28I7iTi4-IsA3jgfhGPx0pIC27LTDf0..."
        }
    ]
}
```