> ## Documentation Index
> Fetch the complete documentation index at: https://docs.knotapi.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Retrieve JWK
> Retrieve a public key in JWK format.
### Building the JWE
See code samples [here](/card-switcher/sending-card-data#code-samples) for how to structure and encrypt the JWE in various programming languages.
You can encrypt the payload you'll provide to the [Switch Card (JWE)](https://docs.knotapi.com/api-reference/products/card-switcher/switch-card-jwe) endpoint using your JWE public key. The JWE specifications are the following:
1. RSA 2048 certificate in JWK format
2. RSA-OAEP-256 as key encryption algorithm
3. A256GCM as content encryption algorithm
The JWE value should be a JSON string with the structure below. Additionally, in the development environment, the below values are sufficient to pass validation when building the JWE.
```json JSON icon="file-brackets-curly" theme={"system"}
{
"user": {
"name": {
"first_name": "Ada", // Max length: 255
"last_name": "Lovelace" // Max length: 255
},
"address": {
"street": "100 Main Street", // Max length: 46
"street2": "#100", // Max length: 46
"city": "NEW YORK", // Max length: 32
"region": "NY", // Must be an ISO 3166-2 sub-division code
"postal_code": "12345", // Min length: 5, Max length: 10
"country": "US" // Must be an ISO 3166-1 alpha-2 code
},
"phone_number": "+11234567890" // Must be in E.164 format
},
"card": {
"number": "4242424242424242",
"expiration": "08/2030", // MM/YYYY or MM/YY format
"cvv": "012" // Max length: 4
}
}
```
## OpenAPI
````yaml GET /jwe/key
openapi: 3.1.0
info:
title: Knot API
description: An API to interact with the Knot merchant connectivity platform.
version: 1.0.0
servers:
- url: https://development.knotapi.com
description: Development server
security:
- basicAuth: []
paths:
/jwe/key:
get:
description: Retrieve a public key in JWK format.
operationId: jwe_get_public_key
responses:
'200':
description: Successful request.
content:
application/json:
schema:
type: object
properties:
alg:
type: string
description: Algorithm intended for use with the key.
example: RSA-OAEP-256
e:
type: string
description: >-
Exponent value for the RSA public key in Base64 URL
format.
example: ...
key_ops:
type: array
items:
type: string
description: Operation permitted for the key.
example:
- encrypt
kid:
type: string
description: Unique identifier for the kid.
example: ...
kty:
type: string
description: Type of key.
example: RSA
'n':
type: string
description: Modulus value for the RSA public key in Base64 URL format.
example: ...
use:
type: string
description: Intended use of the key.
example: enc
'401':
description: Unauthorized request.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
examples:
AuthFailed:
summary: Auth failed
value:
error_type: INVALID_INPUT
error_code: INVALID_API_KEYS
error_message: Invalid client_id or secret provided.
components:
schemas:
Error:
type: object
properties:
error_type:
type: string
description: Type of error.
enum:
- INVALID_INPUT
- INVALID_REQUEST
- USER_ERROR
- SESSION_ERROR
- MERCHANT_ACCOUNT_ERROR
- MERCHANT_ERROR
- SUBSCRIPTION_ERROR
- TRANSACTION_ERROR
- CART_ERROR
example: INVALID_REQUEST
error_code:
type: string
description: Error code.
enum:
- INVALID_API_KEYS
- INVALID_FIELD
- INVALID_JWE
- INVALID_CURSOR_FORMAT
- USER_NOT_FOUND
- MERCHANT_ACCOUNT_NOT_FOUND
- MERCHANT_ACCOUNT_DISCONNECTED
- SESSION_NOT_FOUND
- EXTEND_NOT_SUPPORTED
- MERCHANT_UNAVAILABLE
- NO_ACCESS
- TRANSACTION_NOT_FOUND
- NO_TRANSACTIONS
- SUBSCRIPTION_NOT_FOUND
- ONGOING_OPERATION
- CART_NOT_FOUND
- FULFILLMENT_NOT_FOUND
example: INVALID_FIELD
error_message:
type: string
description: Detailed error message.
example: The limit may not be greater than 10.
securitySchemes:
basicAuth:
type: http
scheme: basic
description: >-
Basic authentication header of the form `Basic `, where
`` is the base64-encoded string `username:password`. Use
your `client_id` as the `username` and your `secret` as the `password`
value.
````