Webhook Verification Key

Fetch the public key used to verify webhook signatures.

Request

POST /webhook_verification_key/get

Body

Response

200 OK

{
  "key_id": "key_abc123",
  "key": "-----BEGIN PUBLIC KEY-----\nMFkw...base64...\n-----END PUBLIC KEY-----"
}

The key field is the ES256 public key in PEM (SPKI) format.

Notes

• This is a public endpoint — no API key required
• The key_id is found in the kid field of the JWT header in the X-Passage-Signature webhook header
• Keys use ES256 (ECDSA with P-256 and SHA-256)

Next steps

• Webhook Verification Guide — Full verification walkthrough