Because your API needs to be publicly accessible from the internet, you should make sure to verify the authenticity of each request.
Upstash provides a JWT with each request. This JWT is signed by your individual secret signing keys. Read more.
We are using 2 signing keys:
If we were using only a single key, there would be some time between when you rolled your keys and when you can edit the key in your applications. In order to minimize downtime, we use 2 keys and you should always try to verify with both keys.
When you roll your keys, the current key will be replaced with the next key and a new next key will be generated.
Rolling your keys twice without updating your applications will cause your apps to reject all requests, because both the current and next keys will have been replaced.
Rolling your keys can be done by going to the QStash UI and clicking on the “Roll keys” button.
Because your API needs to be publicly accessible from the internet, you should make sure to verify the authenticity of each request.
Upstash provides a JWT with each request. This JWT is signed by your individual secret signing keys. Read more.
We are using 2 signing keys:
If we were using only a single key, there would be some time between when you rolled your keys and when you can edit the key in your applications. In order to minimize downtime, we use 2 keys and you should always try to verify with both keys.
When you roll your keys, the current key will be replaced with the next key and a new next key will be generated.
Rolling your keys twice without updating your applications will cause your apps to reject all requests, because both the current and next keys will have been replaced.
Rolling your keys can be done by going to the QStash UI and clicking on the “Roll keys” button.