DPS Public Key

GET 
/pubkey

Returns an ephemeral X25519 public key used to encrypt a proving request. Each key is single-use — it applies only to its corresponding POST /prove/encrypted request.

A JWT is required — obtain one via the Issue JWT endpoint.

The response also sets a session cookie. Send it back on the follow-up POST /prove/encrypted — browsers do this automatically with credentials: "include"; non-browser (Node.js) clients must read Set-Cookie and resend it as Cookie.

For a full walkthrough of the encrypted proving flow, see the Delegated Proving guide.

Request

Responses

200

Ephemeral public key and key ID

401

Unauthorized