> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Get JSON Web Key Set

> Retrieve the JSON Web Key Set (JWKS) for verifying session JWTs in a Stytch B2B application

### Key rotation

Within the JWKS, the JSON Web Keys are rotated every \~6 months. Upon rotation, new JWTs will be signed using the new key, and both keys will be returned by this endpoint for a period of 1 month.

JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old keys, and some JWTs will be signed by the new keys. The correct key to use for validation is determined by matching the kid value of the JWT and key.

If you're using one of our backend SDKs, the JSON Web Key rotation will be handled for you.

If you're using your own JWT validation library, many have built-in support for JWK rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWK to use for validation by inspecting the kid value.

[Learn more about JWTs and session tokens here.](/multi-tenant-auth/manage-sessions/jwts-and-tokens)


## OpenAPI

````yaml GET /v1/b2b/sessions/jwks/{project_id}
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/b2b/sessions/jwks/{project_id}:
    get:
      tags:
        - Session
      summary: Getjwks
      description: >-
        Get the JSON Web Key Set (JWKS) for a project.


        Within the JWKS, the JSON Web Keys are rotated every ~6 months. Upon
        rotation, new JWTs will be signed using the new key, and both keys will
        be returned by this endpoint for a period of 1 month.


        JWTs have a set lifetime of 5 minutes, so there will be a 5 minute
        period where some JWTs will be signed by the old keys, and some JWTs
        will be signed by the new keys. The correct key to use for validation is
        determined by matching the `kid` value of the JWT and key.


        If you're using one of our [backend
        SDKs](https://stytch.com/docs/b2b/sdks), the JSON Web Key (JWK) rotation
        will be handled for you.


        If you're using your own JWT validation library, many have built-in
        support for JWK rotation, and you'll just need to supply this API
        endpoint. If not, your application should decide which JWK to use for
        validation by inspecting the `kid` value.


        See our [How to use Stytch Session
        JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts)
        guide for more information.
      operationId: api_b2b_session_v1_GetJWKS
      parameters:
        - name: project_id
          in: path
          required: true
          schema:
            type: string
            description: The `project_id` to get the JWKS for.
          description: The `project_id` to get the JWKS for.
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api_b2b_session_v1_GetJWKSResponse'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // GET /v1/b2b/sessions/jwks/{project_id}
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              project_id: "your-project-id",
            };

            client.Sessions.GetJWKS(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// GET /v1/b2b/sessions/jwks/{project_id}\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/sessions\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &sessions.GetJWKSParams{\n\t\tProjectID: \"your-project-id\",\n\t}\n\n\tresp, err := client.Sessions.GetJWKS(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: |-
            // GET /v1/b2b/sessions/jwks/{project_id}
            package com.example;

            import com.stytch.java.b2b.models.sessions.GetJWKSRequest;
            import com.stytch.java.b2b.StytchB2BClient;
            import com.stytch.java.common.StytchResult;

            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    GetJWKSRequest params = new GetJWKSRequest();
                    params.setProjectId("your-project-id");

                    Object result = StytchB2BClient.getSessions().getJWKS(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: |
            // GET /v1/b2b/sessions/jwks/{project_id}
            package com.example

            import com.stytch.java.b2b.StytchB2BClient
            import com.stytch.java.b2b.models.sessions.GetJWKSRequest

            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.sessions.getJWKS(
                            GetJWKSRequest(
                                projectId = "your-project-id",
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // GET /v1/b2b/sessions/jwks/{project_id}
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              project_id: "your-project-id",
            };

            client.sessions.getJWKS(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->sessions->get_jwks([
                'project_id' => 'your-project-id',
            ]);
        - lang: python
          label: Python
          source: |
            # GET /v1/b2b/sessions/jwks/{project_id}
            from stytch import B2BClient

            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.sessions.get_jwks(
                project_id="your-project-id",
            )

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # GET /v1/b2b/sessions/jwks/{project_id}
            require 'stytch'

            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.sessions.get_jwks(
              project_id: "your-project-id"
              
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // GET /v1/b2b/sessions/jwks/{project_id}
            use stytch::b2b::client::Client;
            use stytch::b2b::sessions::GetJWKSRequest;

            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.sessions.get_jwks(
                    GetJWKSRequest{
                        project_id: "your-project-id",
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # GET /v1/b2b/sessions/jwks/{project_id}
            curl --request GET \
              --url https://test.stytch.com/v1/b2b/sessions/jwks/your-project-id \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json'
components:
  schemas:
    api_b2b_session_v1_GetJWKSResponse:
      type: object
      properties:
        keys:
          type: array
          items:
            $ref: '#/components/schemas/api_session_v1_JWK'
          description: The list of JWKs associated with the project.
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
      required:
        - keys
        - request_id
        - status_code
    api_session_v1_JWK:
      type: object
      properties:
        kty:
          type: string
        use:
          type: string
        key_ops:
          type: array
          items:
            type: string
        alg:
          type: string
        kid:
          type: string
        x5c:
          type: array
          items:
            type: string
        x5tS256:
          type: string
        'n':
          type: string
        e:
          type: string
      required:
        - kty
        - use
        - key_ops
        - alg
        - kid
        - x5c
        - x5tS256
        - 'n'
        - e
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````