This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Refreshing the public key

Typically, the Toast technical partnership team does not change the key pair used to sign JWTs. You can cache the public key that you get from the Toast API user management service. You do not need to get a new copy of the public key every time you verify an incoming request.

To maintain security, the technical partnership team may replace the key pair at any time. When the key pair changes, you must get a new public key from the user management service.

To make your integration more flexible when the technical partnership team replaces the key pair, get and cache a new copy of the public key each time you start your service. When the technical partnership team replaces the key pair, you can stop and restart your service to refresh the public key.
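The caching behavior described above, as an added example that is not Toast's code: it fetches the key once at startup as the guide recommends, and goes one step further than a restart by refetching after a failed verification, at most once per interval. The `fetch_key` and `verify` callables, the 300-second interval, and the string stand-ins in `demo()` are assumptions made for illustration; in a real integration `verify` would be your JWT library's signature check.

```python
import time

class CachedPublicKey:
    """Holds the JWT verification key: fetched at startup, refetched rarely."""

    def __init__(self, fetch_key, verify, min_refresh_seconds=300.0,
                 clock=time.monotonic):
        self._fetch_key = fetch_key      # assumed: returns the current public key
        self._verify = verify            # assumed: verify(token, key) -> bool
        self._min_refresh = min_refresh_seconds
        self._clock = clock
        self.fetch_count = 0
        self._store(fetch_key())         # startup fetch; an error here stops the service

    def _store(self, key):
        self._key = key
        self._fetched_at = self._clock()
        self.fetch_count += 1

    def is_valid(self, token):
        if self._verify(token, self._key):
            return True
        # A failure means a bad token or a replaced key pair. Refetch at most
        # once per interval so forged tokens cannot force a fetch per request.
        if self._clock() - self._fetched_at < self._min_refresh:
            return False
        previous = self._key
        try:
            self._store(self._fetch_key())
        except Exception:
            self._fetched_at = self._clock()   # back off, keep the old key
            return False
        return self._key != previous and self._verify(token, self._key)

def demo():
    """Constructed stand-ins: keys are strings, a 'token' names its signing key."""
    service = {"key": "key-A"}           # what the key service currently returns
    now = [0.0]                          # fake clock, seconds
    cache = CachedPublicKey(lambda: service["key"],
                            lambda token, key: token == "signed-by:" + key,
                            min_refresh_seconds=300.0, clock=lambda: now[0])
    results = [cache.is_valid("signed-by:key-A")]       # cached key works
    service["key"] = "key-B"                            # key pair replaced
    results.append(cache.is_valid("signed-by:key-B"))   # too soon to refetch
    now[0] = 301.0
    results.append(cache.is_valid("signed-by:key-B"))   # refetch, then accept
    results.append(cache.is_valid("signed-by:key-A"))   # old key now rejected
    return results, cache.fetch_count
```

Requests signed with a new key are rejected until the refresh interval has elapsed, so choose an interval that balances that delay against the load a stream of invalid tokens could otherwise place on the key endpoint.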