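This API call returns all base64-encoded public keys ever created for a given project. The response includes active, revoked, and expired keys, making it useful for frontend JWT verification. Because revoked and expired keys are returned alongside active ones, a verifier should check `is_revoked` and `is_expired` on a key before accepting a signature made with it. You must provide a valid app-key in the `Authorization` header to access the data.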
GET /app/{app_id}/pub-keys
Name | Type | Required | Description |
---|---|---|---|
Authorization | string | Yes | The app-key of the project. |
# Fetch every public key of the project (active, revoked and expired).
# The app-key travels in the Authorization header and the URL below is plain
# http://, so use an https:// endpoint outside local testing to keep the key
# out of cleartext traffic.
curl -X GET \
  -H 'Authorization: {{app-key}}' \
  'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys'
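const request = require('request');

// The app-key is sent in the Authorization header. The URL below is plain
// http://; point it at an https:// endpoint outside local testing so the key
// is not sent in cleartext.
const options = {
  method: 'GET',
  url: 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys',
  headers: { Authorization: '{{app-key}}' },
};

request(options, (error, response, body) => {
  // Rethrow the original error so its stack and error code are preserved.
  if (error) throw error;

  // 400, 403 and 500 responses also reach this callback with a body;
  // fail loudly instead of treating an error payload as a key list.
  if (response.statusCode !== 200) {
    throw new Error(
      `pub-keys request failed with status ${response.statusCode}: ${body}`,
    );
  }

  // The list includes revoked and expired keys; check is_revoked and
  // is_expired before using a key to verify a token.
  console.log(body);
});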
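import requests

# The app-key is sent in the Authorization header. The URL below is plain
# http://; use an https:// endpoint outside local testing so the key is not
# sent in cleartext.
url = "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys"
headers = {"Authorization": "{{app-key}}"}

# requests applies no timeout by default, so an unresponsive server would
# block this call forever; bound it explicitly.
response = requests.get(url, headers=headers, timeout=10)

# Raise on 400/403/500 instead of parsing an error payload as a key list.
response.raise_for_status()

# The list includes revoked and expired keys; check is_revoked and
# is_expired before using a key to verify a token.
print(response.json())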
<?php
// Fetch every public key of the project (active, revoked and expired).
// The app-key is sent in the Authorization header and the URL is plain
// http://, so use an https:// endpoint outside local testing.
$endpoint = 'http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys';
$requestOptions = [
    'headers' => [
        'Authorization' => '{{app-key}}',
    ],
];

$httpClient = new \GuzzleHttp\Client();
$apiResponse = $httpClient->request('GET', $endpoint, $requestOptions);

// Print the raw JSON body; check is_revoked and is_expired on each key
// before using it to verify a token.
echo $apiResponse->getBody();
package main
import (
"fmt"
"net/http"
"io"
)
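// main requests every public key of the project and prints the response
// status followed by the raw JSON body. Each failure is reported and ends the
// program early instead of being discarded.
func main() {
	// The app-key is sent in the Authorization header and this URL is plain
	// http://; use an https:// endpoint outside local testing.
	url := "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys"

	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		fmt.Println("building request failed:", err)
		return
	}
	req.Header.Add("Authorization", "{{app-key}}")

	// http.DefaultClient sets no timeout; a production caller should use a
	// client with one.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil on error, so it must not be touched (the deferred Close
		// below would otherwise dereference a nil pointer).
		fmt.Println("sending request failed:", err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response failed:", err)
		return
	}

	// Print the status line so 400/403/500 payloads are not mistaken for a
	// key list. The list itself includes revoked and expired keys; check
	// is_revoked and is_expired before using a key to verify a token.
	fmt.Println(res.Status)
	fmt.Println(string(body))
}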
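// Fetch every public key of the project and print the response.
// try-with-resources closes the client even when join() throws, which the
// trailing client.close() call did not guarantee.
// The app-key is sent in the Authorization header and the URL is plain
// http://; use an https:// endpoint outside local testing.
try (AsyncHttpClient client = new DefaultAsyncHttpClient()) {
    client.prepare("GET", "http://{{your-endpoint}}:{{your-port}}/app/{{app-id}}/pub-keys")
        .setHeader("Authorization", "{{app-key}}")
        .execute()
        .toCompletableFuture()
        // The list includes revoked and expired keys; check is_revoked and
        // is_expired before using a key to verify a token.
        .thenAccept(System.out::println)
        .join();
}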
{
"keys": [
{
"key_id": "01JMQGZKJ70G1CDDZBR8287C8K",
"public_key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFS2ZDdVlIcVNGK2UxQm9jOWFMUDBMRlFJY2J2aApzMHozY1N1RGtEWi9yanVzdVhMSENIOVd1VEhrbTFQUkd6RTVac0xxczVOb2p1cVExaXlSdjlaaHNnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==",
"key_type": "ECDSA",
"key_algo": "ES256",
"exp_time": 1771787319,
"is_expired": "yes",
"is_revoked": "no"
},
{
"key_id": "01JMV28FJVBKF0JG0YSG655EHY",
"public_key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFOWpkd1JWSTFTT2RsNGJDNkd5MHRycUVNc01DNQo2NW9VK3ltV2MvQ09JUTJlM0tkNGwvNkoweUlUMTFnT25UdERhOGdudXZKZ1JKc2JXNWQxZkMzUk5BPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==",
"key_type": "ECDSA",
"key_algo": "ES256",
"exp_time": 1748146099,
"is_expired": "no",
"is_revoked": "no"
}
]
}
Field | Type | Description |
---|---|---|
keys | array | List of public keys associated with the project. |
key_id | string (ULID) | Unique identifier for the key. |
public_key | string | The base64-encoded public key. |
key_type | string enum (RSA,ECDSA) | The cryptographic key type used (e.g., ECDSA). |
key_algo | string enum (RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512) | The signing algorithm used (e.g., ES256). |
exp_time | int | Expiration timestamp (Unix epoch) of the key. |
is_expired | string | Indicates whether the key is expired (yes or no). |
is_revoked | string | Indicates whether the key is revoked (yes or no). |
Status Code | Description |
---|---|
200 Ok | Success |
400 Bad Request | Mostly when the form validation fails. The error will be returned as a response. |
403 Access Denied | When the app-key provided in the Authorization header is invalid. |
500 Internal Server Error | Mostly because of the database error. Check the log for root cause details. |