Skip to main content
GET
/
.well-known
/
jwks.json
curl https://production.methodfi.com/.well-known/jwks.json

{
  "keys": [
    {
      "id": "mthd_jwk_12",
      "kid": "mthd_jwk_12",
      "kty": "RSA",
      "use": "enc",
      "alg": "RSA-OAEP-256",
      "n": "s3C9N7Vz...J7c",
      "e": "AQAB",
      "status": "active",
      "created_at": "2024-01-15T10:30:00Z", 
      "updated_at": "2024-01-15T10:30:00Z"
    },
    {
      "id": "mthd_jwk_11",
      "kid": "mthd_jwk_11", 
      "kty": "RSA",
      "use": "enc",
      "alg": "RSA-OAEP-256",
      "n": "x9D2M8Qw...K9f",
      "e": "AQAB",
      "status": "deprecated",
      "created_at": "2024-01-01T08:15:00Z",
      "updated_at": "2024-01-15T10:30:00Z"
    }
  ]
}
Retrieves Method’s complete JSON Web Key Set (JWKS) containing all public keys used for Message Level Encryption. This endpoint returns all of Method’s public keys that you can use to encrypt your requests.
This endpoint returns Method’s public keys (used for encrypting your requests), not your own registered keys. To manage your own keys, use the Team JWKS API.

Caching

This endpoint includes cache control headers to optimize performance: 
Cache-Control: public, max-age=3600
You should respect these cache headers and cache the response for up to 1 hour to reduce unnecessary requests.

Key Lifecycle

  • Active Keys: Use keys with status: "active" for encryption
  • Deprecated Keys: Keys with status: "deprecated" will be removed after 90 days
  • Key Identification: Method JWKs always have their kid equal to their id
Always use keys with status: "active". Deprecated keys will be removed from the system after 90 days.

Returns

Returns a JWKS object containing an array of Method’s public keys with their current status and metadata. 
curl https://production.methodfi.com/.well-known/jwks.json

{
  "keys": [
    {
      "id": "mthd_jwk_12",
      "kid": "mthd_jwk_12",
      "kty": "RSA",
      "use": "enc",
      "alg": "RSA-OAEP-256",
      "n": "s3C9N7Vz...J7c",
      "e": "AQAB",
      "status": "active",
      "created_at": "2024-01-15T10:30:00Z", 
      "updated_at": "2024-01-15T10:30:00Z"
    },
    {
      "id": "mthd_jwk_11",
      "kid": "mthd_jwk_11", 
      "kty": "RSA",
      "use": "enc",
      "alg": "RSA-OAEP-256",
      "n": "x9D2M8Qw...K9f",
      "e": "AQAB",
      "status": "deprecated",
      "created_at": "2024-01-01T08:15:00Z",
      "updated_at": "2024-01-15T10:30:00Z"
    }
  ]
}

Best Practices

  • Cache Responses: Respect the Cache-Control header and cache responses for up to 1 hour
  • Use Active Keys: Always filter for keys with status: "active" when selecting keys for encryption
  • Handle Multiple Keys: Your application should be able to handle multiple active keys
  • Monitor Webhooks: Subscribe to method_jwk.create and method_jwk.update webhooks to stay informed of key changes
  • Graceful Degradation: Implement fallback logic for when preferred keys become deprecated

Environment-Specific Endpoints

Method’s JWKS endpoints are environment-specific:
  • Production: https://production.methodfi.com/.well-known/jwks.json
  • Sandbox: https://sandbox.methodfi.com/.well-known/jwks.json
  • Development: https://dev.methodfi.com/.well-known/jwks.json