Emergency Public-Private Key Rotation

This API generates a new public-private key pair for an existing application and immediately revokes all existing JWT tokens. It should only be performed when the current key pair has been compromised. Because every active JWT token is invalidated, all users are forced to reauthenticate.

Warning: Do not use this for automatic key rotation. JWTPlus handles key rotation internally.

Endpoint

GET /root/{app_id}/rotate/pki

Headers

Name Type Required Description
Authorization string Yes The root-key of the project.

Example Request

# Rotate the application's key pair. The root key is sent in the
# Authorization header, so use an https endpoint outside local testing.
curl -X GET \
  -H 'Authorization: {{root-key}}' \
  'http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki'
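const request = require('request');

// Rotate the application's key pair. The root key travels in the
// Authorization header, so point this at an https endpoint outside local testing.
const options = {
    method: 'GET',
    url: 'http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki',
    headers: {Authorization: '{{root-key}}'}
};

request(options, function (error, response, body) {
    // Rethrow the original error rather than wrapping it in a fresh Error,
    // which stringifies it and loses its stack and error code.
    if (error) throw error;

    // 403 (invalid root key) and 500 are returned with an error body; make a
    // failed rotation visible instead of printing that body as a success.
    if (response.statusCode !== 200) {
        throw new Error(`key rotation failed with HTTP ${response.statusCode}: ${body}`);
    }

    console.log(body);
});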
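import requests

url = "http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki"

# The root key is sent in the Authorization header; use an https endpoint
# outside local testing so it is not transmitted in cleartext.
headers = {"Authorization": "{{root-key}}"}

# Without a timeout, requests waits indefinitely on an unresponsive server.
response = requests.get(url, headers=headers, timeout=10)

# 403 (invalid root key) and 500 also carry an error body; report the
# failure instead of printing that body as if the rotation succeeded.
if not response.ok:
    raise SystemExit(f"key rotation failed with HTTP {response.status_code}: {response.text}")

print(response.json())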
<?php
// Rotate the application's key pair. The root key is sent in the
// Authorization header, so use an https endpoint outside local testing.
$url = 'http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki';
$options = [
    'headers' => ['Authorization' => '{{root-key}}'],
];

$client = new \GuzzleHttp\Client();
$response = $client->request('GET', $url, $options);

echo $response->getBody();
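package main

import (
    "fmt"
    "io"
    "log"
    "net/http"
)

// main rotates the application's key pair. The root key is sent in the
// Authorization header, so use an https endpoint outside local testing.
func main() {
    url := "http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki"

    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        log.Fatalf("build request: %v", err)
    }
    req.Header.Add("Authorization", "{{root-key}}")

    // On a transport error res is nil; discarding the error made the
    // deferred res.Body.Close() below a nil-pointer panic.
    res, err := http.DefaultClient.Do(req)
    if err != nil {
        log.Fatalf("rotate pki: %v", err)
    }
    defer res.Body.Close()

    body, err := io.ReadAll(res.Body)
    if err != nil {
        log.Fatalf("read response: %v", err)
    }

    fmt.Println(res)
    fmt.Println(string(body))
}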
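// Rotate the application's key pair. The root key is sent in the
// Authorization header, so use an https endpoint outside local testing.
// try-with-resources closes the client even when execute()/join() throws;
// the explicit close() it replaces only ran on the success path.
try (AsyncHttpClient client = new DefaultAsyncHttpClient()) {
    client.prepare("GET", "http://{{you-endpoint}}:{{your-port}}/root/{{app-id}}/rotate/pki")
        .setHeader("Authorization", "{{root-key}}")
        .execute()
        .toCompletableFuture()
        .thenAccept(System.out::println)
        .join();
}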

Example Success Response

{
"algo": "ES256",
"app_id": "{{app-id}}",
"new_public_key": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFOWpkd1JWSTFTT2RsNGJDNkd5MHRycUVNc01DNQo2NW9VK3ltV2MvQ09JUTJlM0tkNGwvNkoweUlUMTFnT25UdERhOGdudXZKZ1JKc2JXNWQxZkMzUk5BPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=="
}

Response Fields

Field Type Description
algo string The algorithm selected for JWT signing and verification.
app_id string Unique identifier in ULID format for the created project.
new_public_key string The new base64-encoded public key associated with the project, used for frontend JWT verification.

Responses

Status Code Description
200 Ok Success
400 Bad Request Typically returned when request validation fails; the error is returned in the response body.
403 Access Denied When the provided root key in Authorization header is invalid.
500 Internal Server Error Typically caused by a database error. Check the server log for the root cause.