POST API/SignJWT
Signs and returns a JSON Web Token (JWT). Because a CodeSign Protect certificate digitally signed the token, the claims in the token can be verified and trusted.
Requirements
- Setup: See Setting up your HSM Client application.
- Permissions: The caller must be a Key User.
- Token scope: codesignclient
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description
---|---
ClientInfo | The ClientInfo object that manages code signing.
ProcessInfo | The ProcessInfo object that describes how to sign the JWT token.
KeyId | The GUID that uniquely identifies a Certificate environment. The Key ID allows you to digitally sign the JWT. To get the value, use the Guid from the POST Codesign/GetEnvironment response.
Header | The URL Safe Base-64 encoded header that originated from a JSON body. The value requires JSON Object Signing and Encryption (JOSE) headers: alg:[algorithm] and typ: JWT. For more information, see https://datatracker.ietf.org/doc/html/rfc7515. Use a tool like https://jwt.io to convert the JSON to URL Safe Base-64 encoding.
Payload | The URL Safe Base-64 encoded payload that originated from a JSON body. The payload contains registered, public, and/or private claims that will be shared with other parties. Use a tool like https://jwt.io to convert the JSON to URL Safe Base-64 encoding.
Returns
Decode ResultData from Base-64 to JSON. The decoded data should show the additional kid and x5u headers. Confirm that the x5u header refers to a valid public key or key chain. The other headers should match the original JOSE header that you passed in this API call.

Name | Description
---|---
HTTP 200 | For valid requests, this call returns an HTTP 200 message and the following data in the message body:
HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:
Example: Send a sign request
Request
```http
POST https://test.venafi.example/vedhsm/API/SignJWT
Authorization:Bearer 4MyGeneratedBearerTknz==

{
  "ClientInfo": {
    "ClientLibraryName": "pkcs11",
    "ClientLibraryVersion": "My client application or script name and version"
  },
  "ProcessInfo": {
    "Username": "Administrator",
    "Machine": "WIN-TS6P5P8LU80",
    "Executable": "C:\\Users\\Administrator\\Repo\\codesigningclients\\bin\\Pkcs11Config.exe",
    "CommandLine": "\"C:\\Users\\Administrator\\Repo\\codesigningclients\\bin\\Pkcs11Config.exe\" signjwt -label:Development Environment",
    "ExecutableSize": 2919424,
    "ExecutableHash": "4137C3B4..."
  },
  "KeyId": "{987225cf-ac4f-4ec5-93cc-b7af4d478815}",
  "Header": "eyJhbGci...",
  "Payload": "eyJzdWIiO..."
}
```
Response
```http
HTTP/1.1 200 OK

{
  "ResultData": "ew0KICAiYWxnI...",
  "Success": true
}
```
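The request assembly described under Parameters and the ResultData checks described under Returns, as an added Python example that is not Venafi's code: it base64url-encodes the JOSE header and payload, builds the request body, and checks a decoded ResultData for the added kid and x5u headers and for unchanged original headers. It assumes ResultData is Base-64 of a JSON object carrying the JOSE header members (the example response above decodes to JSON beginning with "alg"); the kid and x5u values are constructed.

```python
import base64
import json
from urllib.parse import urlparse

def b64url_json(obj: dict) -> str:
    """Serialize JSON and base64url-encode it without padding, as Header and Payload require."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def build_signjwt_body(client_info: dict, process_info: dict, key_id: str,
                       header: dict, payload: dict) -> dict:
    """Assemble the SignJWT request body; reject a JOSE header lacking alg or typ: JWT."""
    if "alg" not in header or header.get("typ") != "JWT":
        raise ValueError("JOSE header must carry alg and typ: JWT")
    return {"ClientInfo": client_info, "ProcessInfo": process_info, "KeyId": key_id,
            "Header": b64url_json(header), "Payload": b64url_json(payload)}

def check_signed_header(original_header: dict, result_data: str) -> list:
    """Return the problems found when comparing the decoded ResultData with the header sent.
    Assumption: ResultData is base64 of a JSON object carrying the JOSE header members
    (the page's example ResultData decodes to JSON beginning with "alg").
    """
    problems = []
    # Accept standard or URL-safe base64, with or without padding.
    text = result_data.replace("-", "+").replace("_", "/")
    signed = json.loads(base64.b64decode(text + "=" * (-len(text) % 4)))
    for name in ("kid", "x5u"):
        if name not in signed:
            problems.append(f"missing {name} header")
    x5u = signed.get("x5u")
    if x5u is not None:
        # Structural check only: fetching the chain at x5u and validating it
        # against trusted roots is a separate step.
        parts = urlparse(x5u)
        if parts.scheme != "https" or not parts.netloc:
            problems.append("x5u is not an https URL")
    for name, value in original_header.items():
        if signed.get(name) != value:
            problems.append(f"{name} changed: sent {value!r}, got {signed.get(name)!r}")
    return problems

# Constructed sample data (not from a real service); kid and x5u values are made up.
ORIGINAL_HEADER = {"alg": "RS256", "typ": "JWT"}
SIGNED_OK = {"alg": "RS256", "typ": "JWT", "kid": "sample-kid", "x5u": "https://hsm.example/chain.pem"}
SIGNED_TAMPERED = {"alg": "none", "typ": "JWT", "kid": "sample-kid"}
RESULT_OK = base64.b64encode(json.dumps(SIGNED_OK, indent=2).encode()).decode()
RESULT_TAMPERED = base64.b64encode(json.dumps(SIGNED_TAMPERED, indent=2).encode()).decode()
```

Run `check_signed_header(ORIGINAL_HEADER, RESULT_TAMPERED)` to see how a missing x5u and a swapped alg are reported; an empty list means the decoded result passed every check.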