Because your API needs to be publicly accessible from the internet, you should
make sure to verify the authenticity of each request.Upstash provides a JWT with each request. This JWT is signed by your individual
secret signing keys. Read more.We are using 2 signing keys:
current: This is the key used to sign the JWT.
next: This key will be used to sign after you have rolled your keys.
If we were using only a single key, there would be some time between when you
rolled your keys and when you can edit the key in your applications. In order to
minimize downtime, we use 2 keys and you should always try to verify with both
keys.
When you roll your keys, the current key will be replaced with the next key and
a new next key will be generated.
Copy
Ask AI
currentKey = nextKeynextKey = generateNewKey()
Rolling your keys twice without updating your applications will cause your apps
to reject all requests, because both the current and next keys will have been
replaced.