# Gets the bank's current signing public key.

Gets the bank’s current signing public key in JWKS format. Returns a JWKS containing one RSA key with fields:
- kid: rsa-{keyVersion}
- kty: RSA
- alg: PS256
- use: sig
- n/e: base64url-encoded modulus and exponent
This endpoint requires OpenBankApi authorization; no private key material is exposed.

Endpoint: GET /v1/.well-known/jwks.json
Version: v1
Security: Authorization

## Response 200 fields (application/json):

  - `keys` (array, required)
    Collection of JSON Web Keys (JWK). Only one key is expected.

  - `keys.kty` (string, required)
    Key type. Always "RSA" for this endpoint.

  - `keys.use` (string, required)
    Intended use of the key. "sig" indicates signature verification.

  - `keys.alg` (string, required)
    Algorithm used with the key. "PS256" indicates RSA-PSS with SHA-256.

  - `keys.kid` (string, required)
    Key identifier in the form "rsa-{version}".

  - `keys.n` (string, required)
    Base64Url-encoded RSA modulus.

  - `keys.e` (string, required)
    Base64Url-encoded RSA public exponent (typically "AQAB").

## Response 401 fields (application/json):

  - `error` (string, required)
    Error code or type that identifies the specific error condition

  - `message` (string, required)
    Human-readable error message that describes the error condition

## Response 429 fields (application/json):

  - `error` (string, required)
    Error code or type that identifies the specific error condition

  - `message` (string, required)
    Human-readable error message that describes the error condition

## Response 500 fields (application/json):

  - `error` (string, required)
    Error code or type that identifies the specific error condition

  - `message` (string, required)
    Human-readable error message that describes the error condition