JSON Web Tokens (JWT) use digital signatures to establish the authenticity of the data they contain and to authenticate the identity of the signer. A valid signature check ensures that any party can rely on the contents and the signatory of the JWT. This is typically accomplished by using an asymmetric signing algorithm such as RS256 (RSA + SHA256 hash). The "asymmetry" is that the private key of a key pair is used to sign a piece of information, while the public key is used to verify that it was signed by that specific private key (without the verifier actually having the private key).

Akamai's JWT validation in API Gateway also relies on digital signatures. The public key for a token is held on each edge server to enable signature validation. Until now, customers could upload both a primary and secondary public key by using the Luna portal or an administrative API. This allowed key rotation as needed, but was a manual and somewhat clunky process.…
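
The following is an added example, not Akamai's code and not part of the original post: a standard-library Python sketch of RS256 verification that tries a primary and then a secondary public key, as a verifier holding both would during rotation. The key pairs are constructed from Mersenne primes only so the block runs offline (they are trivially factorable and unusable in practice), and all function names are hypothetical.

```python
import base64, hashlib, json

# DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537  # public exponent

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg, k):
    """Expected k-byte padded block for an RS256 signature over msg."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def toy_key(a, b):
    """CONSTRUCTED demo key from two Mersenne primes; trivially factorable."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public n, private d)

def sign(claims, n, d):
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}." + b64u(pow(m, d, n).to_bytes(k, "big"))

def verify(token, public_keys):
    """Return (key label, claims) for the first key that verifies, else None."""
    head, body, sig = token.split(".")
    if json.loads(unb64u(head)).get("alg") != "RS256":
        return None  # pin the algorithm; never trust the header's choice
    s = int.from_bytes(unb64u(sig), "big")
    for label, n in public_keys:  # primary first, then secondary
        k = (n.bit_length() + 7) // 8
        if s < n and pow(s, E, n).to_bytes(k, "big") == emsa(f"{head}.{body}".encode(), k):
            return label, json.loads(unb64u(body))
    return None

if __name__ == "__main__":
    n1, d1 = toy_key(521, 607)      # outgoing key pair
    n2, d2 = toy_key(1279, 2203)    # incoming key pair
    edge = [("primary", n1), ("secondary", n2)]  # only public halves
    print(verify(sign({"sub": "alice"}, n1, d1), edge))
    print(verify(sign({"sub": "bob"}, n2, d2), edge))
```

The verifier only ever holds the public moduli; tokens signed with either private key validate while both public keys are configured, which is what lets a signer switch keys without rejecting tokens in flight.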