Because your API needs to be publicly accessible from the internet, you should
make sure to verify the authenticity of each request.
Upstash provides a JWT with each request. This JWT is signed by your individual
secret signing keys.
We are using 2 signing keys:
- current: This is the key used to sign the JWT.
- next: This key will be used to sign after you have rolled your keys.
If we were using only a single key, there would be a period between when you
roll your keys and when you can update the key in your applications, during
which requests could not be verified. To minimize downtime, we use 2 keys, and
you should always try to verify with both keys.
What happens when I roll my keys?
When you roll your keys, the current key will be replaced with the next key and
a new next key will be generated.
currentKey = nextKey
nextKey = generateNewKey()
Rolling your keys twice without updating your applications will cause your apps
to reject all requests, because both the current and next keys will have been
replaced.
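The following is an added example, not Upstash's own code, showing verification against both keys and what one and two rolls do to an application that still holds the original key pair. It assumes the JWT is signed with HMAC-SHA256 (HS256) and carries an `exp` claim; `sign_jwt`, `verify_request` and `roll` are hypothetical names, and all keys and claims are constructed.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, key: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(claims: dict, key: str) -> str:
    """Constructed stand-in for the sender (assumption: HS256)."""
    header = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64e(_mac(f'{header}.{payload}', key))}"

def _verify_one(token, key, now):
    """Return the claims if the token verifies under this one key, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64d(h)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(_mac(f"{h}.{p}", key), _b64d(s)):
            return None
        claims = json.loads(_b64d(p))
        return claims if claims["exp"] > now else None  # assumption: exp claim
    except (ValueError, TypeError, AttributeError, KeyError):
        return None  # malformed token: reject, never raise

def verify_request(token, current_key, next_key, now=None):
    """Try the current key first, then the next key; None means reject."""
    now = time.time() if now is None else now
    for key in (current_key, next_key):
        claims = _verify_one(token, key, now)
        if claims is not None:
            return claims
    return None

def roll(current_key, next_key):
    """Sender-side roll as described above: next becomes current, new next."""
    return next_key, secrets.token_urlsafe(32)
```
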
How to roll your keys
Rolling your keys can be done by going to the
QStash UI and clicking on the “Roll keys”
button.
