Modernised API uses JWS (JSON Web Signature) to authenticate users and authorize access to resources. A bearer token is required in the HyperText Transfer Protocol (HTTP) Authorization header when making requests to protected resources. In response, Modernised API will include a JWS signed by Real-time Retails Payment Platform (RPP) in the HTTP Authorization header.

For more details, refer to the JWS specification here. The JWS must be signed using a private-public key pair, and guidelines for exchanging key pairs are available here.