JWT format

Each request to "" contains a JWT with attributes (claims):

1. [subject] who initiated the operation (employee, technical user)

2. [object] a user to be manipulated, of 2 natures:

   1. key keeper (for identification and processing accounts)

   2. customer

An example of JWT token payload:

{
  "flow": "sign-in" // enum - see below
  "obj": "123456789", // object
  "sub": "employee@email.com", // subject
  "iat": 1684501806, // issued at
  "exp": 1684501806, // expires at
}

JWT can be validated against a public key by kid (key list is published at /api/v1/.well-known/jwks.json). For testing purposes you can use an attached key (below) to validate the sample JWT (from above).

Parameter flow can have the following values:

• sign-in - authorization of client's operation (for example, payment);

• sign-up - creation of a new client or account;

• sign-up-processing - creation of a processing account;

• sign-up-emission - creation of an identification account;