How can I host my JWT public key myself?

Self-service signed JWT public key setup is already live for self-hosted public keys. For guidance, see Application-restricted RESTful APIs - signed JWT authentication.

We are also working on making setup self-service for public keys hosted by us.

@mick.schonhut1 who do I need to contact to host my public key? I am new to API Management. Your reply would be appreciated.

Hey @ayo.odunsi1, check out our Contact us page for details on who to contact for this.

I think the Python example needs updating on here. I had to use the cryptography package to get it working.

Thanks for letting us know, James.

Was that the Python example in Step 4?

What was the specific problem you found with the code snippet we provided?

Yes it is that one.

If you use a passphrase for the key pair generated in Step 2, the jwt package by itself won’t be able to access the key file.

I ended up using:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key

Like this:

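# Imports needed by the rest of the snippet (jwt is the PyJWT package).
import uuid
from time import time

import jwt

# Read the private key file.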
with open(private_key_file, "r") as f:
    private_key = f.read()

# Load the key.
rsa_key = load_pem_private_key(
    private_key.encode('utf-8'),
    password=private_key_passphrase.encode('utf-8'),
    backend=default_backend())

# Create a claims header
claims = {
    "sub": api_key,
    "iss": api_key,
    "jti": str(uuid.uuid4()),
    "aud": "https://int.api.service.nhs.uk/oauth2/token",
    "exp": int(time()) + 300,  # 5mins in the future
}

# Create additional header
additional_headers = {"kid": kid}

j = jwt.encode(
    claims,
    rsa_key,
    algorithm="RS512",
    headers=additional_headers
)

Happy to hear if there’s a better way!
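The passphrase case described in the post above, as an added example that is not part of the original post or of the NHS guide: it loads an encrypted PEM key, reports a missing or wrong passphrase distinctly, signs the assertion with RS512 and verifies it with the public key. It assumes the cryptography and PyJWT packages are installed; the key pair, passphrase, API key and kid are constructed values and the function names are hypothetical.

```python
import uuid
from time import time

import jwt  # PyJWT
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import load_pem_private_key

AUD = "https://int.api.service.nhs.uk/oauth2/token"  # audience used in the post above


def make_encrypted_pem(passphrase: bytes):
    """Constructed test key pair: returns (passphrase-encrypted private PEM, public key)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(passphrase),
    )
    return pem, key.public_key()


def load_key(pem: bytes, passphrase):
    """Return (key, None) on success or (None, reason) when the key cannot be decrypted."""
    try:
        return load_pem_private_key(pem, password=passphrase), None
    except TypeError:
        return None, "passphrase missing"  # PEM is encrypted but no password was given
    except ValueError:
        return None, "passphrase wrong"  # decryption failed


def sign_assertion(key, api_key: str, kid: str):
    claims = {
        "sub": api_key,
        "iss": api_key,
        "jti": str(uuid.uuid4()),  # unique per assertion
        "aud": AUD,
        "exp": int(time()) + 300,  # 5 minutes in the future
    }
    return jwt.encode(claims, key, algorithm="RS512", headers={"kid": kid})


def verify_assertion(token, public_key):
    """Verify with a pinned algorithm and audience. Returns (kid, claims)."""
    kid = jwt.get_unverified_header(token)["kid"]  # identifies which public key applies
    claims = jwt.decode(token, public_key, algorithms=["RS512"], audience=AUD)
    return kid, claims
```
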

Conferring with Python people, I’ve added a clarification about what needs to be installed before running each of the Python snippets we provide.

Could you take a quick look and see if this would have helped you?

https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation[…]application-restricted-restful-apis-signed-jwt-authentication

https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation[…]stful-apis-nhs-cis2-separate-authentication-and-authorisation

https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation[…]tful-apis-nhs-login-separate-authentication-and-authorisation