GET /v1/ca/public-key
Returns the company’s CA public key in three formats: PEM, JWK, and fingerprint. No authentication required. Cached for 1 hour.
This is the only thing a verifier needs to verify any passport or OCSP response issued by this company.
Query parameters
Response 200
JWK fields:
Error responses
Example
GET /v1/ca/well-known
Returns an OIDC-style discovery document describing the company’s cryptographic configuration. No authentication required. Cached for 1 hour.
This document is designed to be fetched once at verifier startup and cached. It includes the jwks_uri pointing to the public key endpoint, plus inline JWKS to avoid a second round-trip.
Query parameters
Response 200
passport_format fields: