XVE is based of a custom framework called KISS. This utilises JWT (Json Web Tokens) for all its sessioning data. These are a standard (RFC 7519) way to encode JSON data as a secure token. Some components of XVE will pass back a JWT (for example Webhooks). It is important for these components that you are able to verify the validity of these tokens.
It is up to the implementor of API to ensure the web tokens are from us.
You can do this by using the Public Key listed below. All JWTs from this site are generated using a RSA keypair, and you can use this public key to decode it.
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlqXqacTHQF3FQGUmAd+ 852TIfo7fDuVC9ZeON858QQj5CcReWYDQhL/uw8CrOvsdLysrq2FiIVrM7ljZW/H 5oMcxlKq4kBuJQ/qjG3oTyPKbiwjGlT52wpaLnai40/sJZPsfbHuOAWxzV/xzvgU UdDxWBI8cnC8xXnN8TnUaY30iP/iMXuMB2baQJEg28H7IqovOV8GRnhRwhb/ZKs4 tP/jf3/P3alQT3wIavX8qLFR8U50VjeolW3f5uzILrenmjiHy4EdUsCdx2/2l8jF tGJe0ZokehRg3D0MVxxjLqKLJdWO+NhzaEocAmnxJCpwgmIh2HlMtHghYOA+GGgW rwIDAQAB -----END PUBLIC KEY-----