This endpoint returns Method’s public keys (used for encrypting your requests), not your own registered keys. To manage your own keys, use the Team JWKS API.
Caching
This endpoint includes cache control headers to optimize performance:Key Lifecycle
- Active Keys: Use keys with
status: "active"
for encryption - Deprecated Keys: Keys with
status: "deprecated"
will be removed after 90 days - Key Identification: Method JWKs always have their
kid
equal to theirid
Always use keys with
status: "active"
. Deprecated keys will be removed from the system after 90 days.Returns
Returns a JWKS object containing an array of Method’s public keys with their current status and metadata.Best Practices
- Cache Responses: Respect the
Cache-Control
header and cache responses for up to 1 hour - Use Active Keys: Always filter for keys with
status: "active"
when selecting keys for encryption - Handle Multiple Keys: Your application should be able to handle multiple active keys
- Monitor Webhooks: Subscribe to
method_jwk.create
andmethod_jwk.update
webhooks to stay informed of key changes - Graceful Degradation: Implement fallback logic for when preferred keys become deprecated
Environment-Specific Endpoints
Method’s JWKS endpoints are environment-specific:- Production:
https://production.methodfi.com/.well-known/jwks.json
- Sandbox:
https://sandbox.methodfi.com/.well-known/jwks.json
- Development:
https://dev.methodfi.com/.well-known/jwks.json