Powens Documentation

Response signature

Last updated 2 years ago

The API can generate tokens instead of JSON responses.

This may be useful if you or one of your clients needs to assert:

  • the data's origin,

  • which request was used exactly,

  • the timestamp the request was executed at.

Signed responses need to be enabled. Contact us.

Get signed responses

To get a signed response, add the following query parameter to your request:

sign_response=true

Token format

As with any JWS, the structure is header.payload.signature, where

  • header is a base64-encoded JSON with information about the signature process (see Verify token signature),

  • payload is a base64-encoded JSON with the following structure:

    {
        "request_url": ...,
        "response_timestamp": ...,
        "response_payload": ...
    }

  • signature is a base64-encoded sequence of bytes.

Verify token signature

  1. Get the key_url in the header,

  2. Fetch the key (see Get a key),

  3. Check if the deprecated field is null,

  4. Use the public_key field to check the signature using your favorite JWS library.

Keys resource

List keys

The list of past and present keys can be obtained at

/sign-keys

Get a key

GET /sign-keys/{key_id}

Keys format

Property      Type                Description
id            Number              ID of the key.
public_key    String              PEM of the public key.
deprecated    DateTime or null    If set, this key is deprecated and any signature using it should not be trusted.
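The verification steps above, as an added Python example (not Powens code): it treats key_url as untrusted until it is pinned to your own API base, refuses deprecated keys, and binds the verified payload to the request you sent. The api_base and expected_url parameters, the fetch_json and jws_verify hooks, and the expectation that key_url is an absolute HTTPS URL ending in a decimal key ID are assumptions of this example.

```python
import base64
import json
import re
from urllib.parse import urlsplit


def b64url_json(segment):
    """Decode one JWS segment (unpadded base64url, RFC 7515) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def pinned_key_url(token, api_base):
    """Return the header's key_url only if it is api_base/sign-keys/<number>.

    The header is read before the signature is checked, so key_url is
    untrusted: fetched blindly, a forged token can name its own key.
    Assumes key_url is an absolute HTTPS URL and key IDs are decimal.
    """
    header = b64url_json(token.split(".")[0])
    url, base = urlsplit(str(header.get("key_url", ""))), urlsplit(api_base)
    if (url.scheme, url.netloc) != ("https", base.netloc) or url.query or url.fragment:
        raise ValueError("key_url is not on the pinned API host")
    prefix = re.escape(base.path.rstrip("/") + "/sign-keys/")
    if not re.fullmatch(prefix + "[0-9]+", url.path):
        raise ValueError("key_url is not a /sign-keys/{key_id} resource")
    return url.geturl()


def usable_public_key(key_resource):
    """Return the PEM only when `deprecated` is null, as the steps require."""
    if key_resource.get("deprecated") is not None:
        raise ValueError("signing key is deprecated; do not trust this token")
    return key_resource["public_key"]


def verify_signed_response(token, api_base, expected_url, fetch_json, jws_verify):
    """Run all steps. fetch_json(url) -> dict and jws_verify(token, pem) ->
    payload bytes are hypothetical hooks for your HTTP client and JWS library
    (the library call must also pin the accepted signature algorithm)."""
    if token.count(".") != 2:
        raise ValueError("not a header.payload.signature token")
    key = fetch_json(pinned_key_url(token, api_base))
    payload = json.loads(jws_verify(token, usable_public_key(key)))
    if payload.get("request_url") != expected_url:
        raise ValueError("token was issued for a different request")
    return payload
```

Only the payload returned by verify_signed_response should be used; anything decoded from the token before the signature check is unauthenticated.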