# Retrieve JSON Web Key Set (JWKS)

GET https://api.prolific.com/.well-known/study/jwks.json

Fetches the public keys that can be used to verify JWTs signed by Prolific. Clients should cache these keys and update them at least daily.

To verify the signature of a JWT you must verify the following:
* The JWT signature is authentic by verifying it with the public key from Prolific that correlates with the KID.
* The JWT hasn't expired, by checking the `exp` claim.
* The `aud` claim is the correct domain for your tool.
* The `prolific` value matches your expected payload as set in the `external_study_url` property.


Reference: https://beta-docs.prolific.com/api-reference/well-known-endpoints/get-study-jwks

## OpenAPI Specification

```yaml
openapi: 3.1.1
info:
  title: Retrieve JSON Web Key Set (JWKS)
  version: endpoint_wellKnownEndpoints.getStudyJwks
paths:
  /.well-known/study/jwks.json:
    get:
      operationId: get-study-jwks
      summary: Retrieve JSON Web Key Set (JWKS)
      description: >
        Fetches the public keys that can be used to verify JWTs signed by
        Prolific. Clients should cache these keys and update them at least
        daily.


        To verify the signature of a JWT you must verify the following:

        * The JWT signature is authentic by verifying it with the public key
        from Prolific that correlates with the KID.

        * The JWT hasn't expired, by checking the `exp` claim.

        * The `aud` claim is the correct domain for your tool.

        * The `prolific` value matches your expected payload as set in the
        `external_study_url` property.
      tags:
        - - subpackage_wellKnownEndpoints
      parameters: []
      responses:
        '200':
          description: Successful response with the JWKS.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/JWKSResponse'
components:
  schemas:
    JwkKty:
      type: string
      enum:
        - value: RSA
    JwkAlg:
      type: string
      enum:
        - value: RS256
    JwkUse:
      type: string
      enum:
        - value: sig
    JwkKeyOpsItems:
      type: string
      enum:
        - value: verify
    JWK:
      type: object
      properties:
        kty:
          $ref: '#/components/schemas/JwkKty'
          description: Key type, always "RSA".
        kid:
          type: string
          description: Key ID used to match the key to the JWT header.
        alg:
          $ref: '#/components/schemas/JwkAlg'
          description: Algorithm used, always "RS256".
        'n':
          type: string
          description: The modulus of the RSA public key.
        e:
          type: string
          description: The exponent of the RSA public key.
        use:
          $ref: '#/components/schemas/JwkUse'
          description: The intended use of the public key.
        key_ops:
          type: array
          items:
            $ref: '#/components/schemas/JwkKeyOpsItems'
          description: The operations that the key is intended to be used for.
      required:
        - kty
        - kid
        - alg
        - 'n'
        - e
        - use
        - key_ops
    JWKSResponse:
      type: object
      properties:
        keys:
          type: array
          items:
            $ref: '#/components/schemas/JWK'

```

## SDK Code Examples

```python
import requests

url = "https://api.prolific.com/.well-known/study/jwks.json"

response = requests.get(url)

print(response.json())
```

```javascript
const url = 'https://api.prolific.com/.well-known/study/jwks.json';
const options = {method: 'GET'};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.prolific.com/.well-known/study/jwks.json"

	req, _ := http.NewRequest("GET", url, nil)

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.prolific.com/.well-known/study/jwks.json")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
```

```java
HttpResponse<String> response = Unirest.get("https://api.prolific.com/.well-known/study/jwks.json")
  .asString();
```

```php
<?php

$client = new \GuzzleHttp\Client();

$response = $client->request('GET', 'https://api.prolific.com/.well-known/study/jwks.json');

echo $response->getBody();
```

```csharp
var client = new RestClient("https://api.prolific.com/.well-known/study/jwks.json");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let request = NSMutableURLRequest(url: NSURL(string: "https://api.prolific.com/.well-known/study/jwks.json")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```