
Public keys

A public key is a cryptographic key that allows you to verify that a callback notification comes from a valid source, a secure J.P. Morgan system.

How it works

  1. When you subscribe to a notification by performing a POST call to the /subscriptions endpoint, a public key is sent back in the response.
  2. The corresponding private key is stored at J.P. Morgan.
  3. Every time a notification event occurs and a callback notification is sent to you, it is digitally signed with the private key.
  4. You can verify the authenticity of the callback notification using the public key that was sent to you.

The following example shows how the public key appears in the response when you subscribe to a notification.

HTTP method: POST

Endpoint: /subscriptions

Scenario: Subscribing to a notification and receiving the public key in the response.

Json
{
    "notifications": {
        "tokenLifecycleNotification": [
            "All"
        ],
        "recurringProgramNotification": [
            "PlanUpdated",
            "ConsumerCommunicationUpdated",
            "PaymentApplied",
            "PaymentNotApplied",
            "ProgramUpdated"
        ]
    },
    "securityPreferences": {
        "webhookAuthorizationType": "token",
        "tokenEndpointAuthorizationType": "private_key_jwt",
        "mTLSEnabled": true,
        "authorizationDetails": {
            "clientId": "3e28334a-1b7d-480a-a35d-12345",
            "tokenEndpoint": "https://api-idp-server.com/merchant/v1/getToken"
        },
        "headerFields": {
            "Authorization": "Basic Y1Q1M0pEaEdKNGdCNWpsWnRPQVN6eWowaEd6QQ==",
            "Api-Key": "12345678"
        },
        "signingAlgorithm": "RSA"
    },
    "subscriptionChannels": [
        "WEBHOOK"
    ],
    "callBackUrl": "https://merchant.notification.com"
}

Response:

Json
{
    "notifications": {
        "tokenLifecycleNotification": [
            "All"
        ],
        "recurringProgramNotification": [
            "PlanUpdated",
            "ConsumerCommunicationUpdated",
            "PaymentApplied",
            "PaymentNotApplied",
            "ProgramUpdated"
        ]
    },
    "subscriptionId": "f07e8898-2819-44eb-989f-e04607766c10",
    "subscriptionCreatedTimestamp": "2024-01-09T10:05:42.522Z",
    "subscriptionUpdatedTimestamp": "2024-01-09T10:05:42.522Z",
    "callbackURL": "https://merchant.notification.com",
    "responseStatus": "SUCCESS",
    "responseCode": "ACCEPTED",
    "responseMessage": "Request Accepted",
    "publicKey": {
        "publicKeyIdentifier": "213db467b83c4db2a69da08705eff25a",
        "publicKeyText": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvsoc/9/GmHzXSw7JBpGc7zJx5TYRJXmQxG2Dnx2BZ+ELQEliL6oCOUpAxx+TW61BmVdCabh+i43biOPicgXY/A==",
        "publicKeyExpirationDate": "2024-10-31T13:10:30.481Z"
    },
    "subscriptionChannels": [
        "WEBHOOK"
    ]
}

Retrieve the public key

You can also retrieve the public key by performing a GET call to the /publicKeys endpoint.

HTTP method: GET

Endpoint: /publicKeys

Scenario: Retrieving a public key

Json
{
    "publicKeyIdentifier": "213db467b83c4db2a69da08705eff25a",
    "publicKeyText": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvsoc/9/GmHzXSw7JBpGc7zJx5TYRJXmQxG2Dnx2BZ+ELQEliL6oCOUpAxx+TW61BmVdCabh+i43biOPicgXY/A==",
    "publicKeyExpirationDate": "2024-10-31T13:10:30.481Z"
}
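
Step 4 of "How it works", sketched as a Node.js receiver-side check. This is an added example, not J.P. Morgan code: it parses publicKeyText as base64 DER SubjectPublicKeyInfo (the shape of the sample value above), and it assumes a base64 signature computed with SHA-256 over the raw request body and a notification that names its key by publicKeyIdentifier. The names verifyNotification and buildDemo are hypothetical, and the key pair and payload are constructed locally.

```javascript
// Added example. Signature encoding, hash and key-id delivery are assumptions.
const { createPublicKey, generateKeyPairSync, sign, verify } = require('node:crypto');

// Check one callback against the `publicKey` object returned by
// POST /subscriptions or GET /publicKeys. Returns { ok, reason }.
function verifyNotification(keyEntry, keyId, rawBody, signatureB64, now = new Date()) {
  // Refuse a notification that names a key other than the one we hold.
  if (keyId !== keyEntry.publicKeyIdentifier) return { ok: false, reason: 'unknown-key' };
  // Honour publicKeyExpirationDate: an expired key is re-fetched, not trusted.
  const exp = new Date(keyEntry.publicKeyExpirationDate);
  if (Number.isNaN(exp.getTime()) || now >= exp) return { ok: false, reason: 'key-expired' };
  let key;
  try {
    const der = Buffer.from(keyEntry.publicKeyText, 'base64');
    key = createPublicKey({ key: der, format: 'der', type: 'spki' });
  } catch {
    return { ok: false, reason: 'bad-key' };
  }
  // Verify over the exact bytes received, before any JSON parsing or re-serialising.
  let ok = false;
  try {
    ok = verify('sha256', rawBody, key, Buffer.from(signatureB64, 'base64'));
  } catch {
    ok = false;
  }
  return ok ? { ok: true, reason: 'verified' } : { ok: false, reason: 'bad-signature' };
}

// Constructed demo data: a locally generated P-256 pair stands in for the
// J.P. Morgan key pair, and the payload is a made-up notification body.
function buildDemo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const keyEntry = {
    publicKeyIdentifier: 'demo-key-1',
    publicKeyText: publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    publicKeyExpirationDate: '2024-10-31T13:10:30.481Z',
  };
  const rawBody = Buffer.from('{"eventType":"PaymentApplied","amount":100}');
  const signatureB64 = sign('sha256', rawBody, privateKey).toString('base64');
  return { keyEntry, rawBody, signatureB64 };
}

const demo = buildDemo();
console.log(verifyNotification(demo.keyEntry, 'demo-key-1', demo.rawBody,
  demo.signatureB64, new Date('2024-06-01T00:00:00Z')));
```

A handler should reject the callback on any result other than ok: true and only then parse the body.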