Get the JSON Web Key Set (JWKS) for a project.
Within the JWKS, the JSON Web Keys are rotated every ~6 months. Upon rotation, new JWTs will be signed using the new key, and both keys will be returned by this endpoint for a period of 1 month.
JWTs have a set lifetime of 5 minutes, so there will be a 5 minute period where some JWTs will be signed by the old keys, and some JWTs will be signed by the new keys. The correct key to use for validation is determined by matching the kid value of the JWT and key.
If you're using one of our backend SDKs, the JSON Web Key (JWK) rotation will be handled for you.
If you're using your own JWT validation library, many have built-in support for JWK rotation, and you'll just need to supply this API endpoint. If not, your application should decide which JWK to use for validation by inspecting the kid value.
See our How to use Stytch Session JWTs guide for more information.