JSON Web Signature

About the JSON Web Signature

The ‘JSON Web Signature’ (JWS) is used as part of a REST header to validate requests made to certain endpoints (Create Beneficiary and Create Credit Transfer, for example).

Note that:

  • Having this header indicates that you have signed the request with your private key.
  • Any requests to the specific endpoints that require a JWS header, which do not include it, will fail.
A JWS signature header is mandatory for specific requests for the purposes of non-repudiation. Where the JWS is required for a specific endpoint, this will be called out in the API description provided in this documentation. By providing a JWS signature you are ensuring that you, as merchant (or as a partner on behalf of a merchant), have generated the request; no other party has been involved; no tampering has occurred. While the JWS header is mandatory for Credit Transfer endpoints, it may also be used in all Nuapay endpoints if required.

Steps Required to Generate a Valid Header

It is possible to configure your certificate via:

  • The User Interface

User Interface Approach

To create a JOSE header via the UI you will need to:

  • Log on to the Developer Dashboard.
  • Generate a Private Key and a Certificate.
  • Retrieve the certificate serial number and decode it.
  • Extract the issuer details from your certificate.
  • Use these details in your code to generate the JWS Signature when required.

REST Approach

To create a JOSE header via REST you will need to:

Setup Approaches

For more details on the configuration steps see: