JSON Web Keys

Cryptographic Keys

Axioms uses cryptographic keys to create a digitally signed token as well as for token and data encryption. These keys are unique for each tenant and are stored in JSON Web Keys (JWK) format in tenant database.

Key Types

Axioms support three key types: RSA, EC, and oct. For more information please review JSON Web Algorithms

Create new key

When you create a new tenant, Axioms platform will automatically create a new set of default keys of type RSA, EC, and oct. So you typically don't need to create a new key. That said, depending on your need you can manually create new keys and set them as default.

🔵 You can have as many crypto keys you want, but for each key type there can be only one default key. Default keys are rotated periodically.

🔴 If needed you can ⚡deactivate⚡ an existing key through UI. Before you deactivate an existing key make sure there is at-least one active and default key of given key type.

Create new key
Create new key


JSON Web Key Set (JWKS) is a set of keys containing the public keys of key type RSA or EC that can be used to verify the signed JWT tokens. JWKS URI for a given tenant domain are available at,


You can also find the JWKS endpoint programmatically using your OpenID Connect Discovery endpoint and look for jwks_uri parameter.