# Well Known

OAuth 2.0 discovery endpoints (JWKS and Authorization Server Metadata)

## /.well-known/jwks.json

> Returns the JSON Web Key Set (JWKS) containing public keys used to verify JWT tokens issued by Archera. This endpoint follows the RFC 7517 standard for JWK and is used by clients to validate JWT signatures. No authentication is required as this endpoint provides public cryptographic keys.

```json
{"openapi":"3.1.0","info":{"title":"Archera.ai API","version":"v1.0.0"},"tags":[{"name":"Well-Known","description":"OAuth 2.0 discovery endpoints (JWKS and Authorization Server Metadata)"}],"paths":{"/.well-known/jwks.json":{"get":{"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/JWKS"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"405":{"description":"Method not allowed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"409":{"description":"Conflict","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"500":{"description":"Failed to load keys"},"default":{"$ref":"#/components/responses/DEFAULT_ERROR"}},"tags":["Well-Known"],"summary":"/.well-known/jwks.json","description":"Returns the JSON Web Key Set (JWKS) containing public keys used to verify JWT tokens issued by Archera. This endpoint follows the RFC 7517 standard for JWK and is used by clients to validate JWT signatures. No authentication is required as this endpoint provides public cryptographic keys."}}},"components":{"schemas":{"JWKS":{"type":"object","properties":{"keys":{"type":"array","description":"Array of JSON Web Keys","items":{"$ref":"#/components/schemas/JWK"}}},"required":["keys"],"additionalProperties":false},"JWK":{"type":"object","properties":{"kty":{"type":"string","description":"Key type (e.g., 'RSA')"},"use":{"type":"string","description":"Public key use (e.g., 'sig' for signature)"},"kid":{"type":"string","description":"Key ID for identifying the key"},"alg":{"type":"string","description":"Algorithm (e.g., 'RS256')"},"n":{"type":"string","description":"RSA modulus (base64url encoded)"},"e":{"type":"string","description":"RSA public exponent (base64url encoded)"}},"required":["alg","e","kid","kty","n","use"],"additionalProperties":false},"ApiErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"detail":{},"code":{"type":["string","null"]},"url":{"type":["string","null"]},"timestamp":{"type":"string"},"type":{"type":"string"}},"required":["message","timestamp","type"]},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"Error code"},"status":{"type":"string","description":"Error name"},"message":{"type":"string","description":"Error message"},"errors":{"type":"object","description":"Errors","additionalProperties":{}}},"additionalProperties":false}},"responses":{"DEFAULT_ERROR":{"description":"Default error response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}
```

## /.well-known/oauth-authorization-server

> Returns OAuth 2.0 Authorization Server Metadata as specified in RFC 8414. This endpoint provides automatic discovery of the authorization server's configuration, including supported endpoints, grant types, response types, PKCE methods, and available scopes. OAuth client libraries can use this endpoint to automatically configure themselves without manual endpoint configuration. No authentication is required as this is a public discovery endpoint.

```json
{"openapi":"3.1.0","info":{"title":"Archera.ai API","version":"v1.0.0"},"tags":[{"name":"Well-Known","description":"OAuth 2.0 discovery endpoints (JWKS and Authorization Server Metadata)"}],"paths":{"/.well-known/oauth-authorization-server":{"get":{"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthMetadata"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"404":{"description":"Not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"405":{"description":"Method not allowed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"409":{"description":"Conflict","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiErrorResponse"}}}},"default":{"$ref":"#/components/responses/DEFAULT_ERROR"}},"tags":["Well-Known"],"summary":"/.well-known/oauth-authorization-server","description":"Returns OAuth 2.0 Authorization Server Metadata as specified in RFC 8414. This endpoint provides automatic discovery of the authorization server's configuration, including supported endpoints, grant types, response types, PKCE methods, and available scopes. OAuth client libraries can use this endpoint to automatically configure themselves without manual endpoint configuration. No authentication is required as this is a public discovery endpoint."}}},"components":{"schemas":{"OAuthMetadata":{"type":"object","properties":{"issuer":{"type":"string","description":"The authorization server's issuer identifier URL"},"authorization_endpoint":{"type":"string","description":"URL of the OAuth 2.0 authorization endpoint"},"token_endpoint":{"type":"string","description":"URL of the OAuth 2.0 token endpoint"},"revocation_endpoint":{"type":"string","description":"URL of the OAuth 2.0 token revocation endpoint (RFC 7009)"},"registration_endpoint":{"type":"string","description":"URL of the OAuth 2.0 dynamic client registration endpoint (RFC 7591)"},"jwks_uri":{"type":"string","description":"URL of the JSON Web Key Set document"},"response_types_supported":{"type":"array","description":"OAuth 2.0 response_type values supported","items":{"type":"string"}},"grant_types_supported":{"type":"array","description":"OAuth 2.0 grant type values supported","items":{"type":"string"}},"code_challenge_methods_supported":{"type":"array","description":"PKCE code challenge methods supported","items":{"type":"string"}},"token_endpoint_auth_methods_supported":{"type":"array","description":"Client authentication methods supported at token endpoint","items":{"type":"string"}},"scopes_supported":{"type":"array","description":"OAuth 2.0 scope values supported","items":{"type":"string"}},"service_documentation":{"type":"string","description":"URL of service documentation for developers"}},"required":["authorization_endpoint","code_challenge_methods_supported","grant_types_supported","issuer","jwks_uri","registration_endpoint","response_types_supported","revocation_endpoint","scopes_supported","token_endpoint","token_endpoint_auth_methods_supported"],"additionalProperties":false},"ApiErrorResponse":{"type":"object","properties":{"message":{"type":"string"},"detail":{},"code":{"type":["string","null"]},"url":{"type":["string","null"]},"timestamp":{"type":"string"},"type":{"type":"string"}},"required":["message","timestamp","type"]},"Error":{"type":"object","properties":{"code":{"type":"integer","description":"Error code"},"status":{"type":"string","description":"Error name"},"message":{"type":"string","description":"Error message"},"errors":{"type":"object","description":"Errors","additionalProperties":{}}},"additionalProperties":false}},"responses":{"DEFAULT_ERROR":{"description":"Default error response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.archera.ai/api-reference/public-api/well-known.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.