--- title: Authentication Token Management endpoint description: This page describes the endpoint used to validate JSON Web Tokens. component: pingaccess version: 9.0 page_id: pingaccess:reference_guides:pa_authn_token_management_endpoint canonical_url: https://docs.pingidentity.com/pingaccess/9.0/reference_guides/pa_authn_token_management_endpoint.html revdate: November 6, 2023 section_ids: paauthtokenjwks: /pa/authtoken/JWKS --- # Authentication Token Management endpoint This page describes the endpoint used to validate JSON Web Tokens. ## /pa/authtoken/JWKS Backend sites use the Authentication Token Management endpoint to validate the signature of a JSON Web Token (JWT) *(tooltip: \
\

An IETF standard container format for a JSON object used for the secure exchange of content, such as identity or entitlement information. You can find the industry standard in \RFC 7519\.\

\
)*. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you selected the **Use context root as reserved resource base path** check box on your PingAccess application, this feature creates an instance of any reserved PingAccess resources under the application's context root. As such, the context root of the application needs to prepend the reserved context application root (`/pa` by default) in any file paths that reference it.If the context root of your application is `myApp`, the path to the Authentication Token Management endpoint would be `myApp/pa/authtoken/JWKS` instead. |