# Signing Transactions

Web SDK supports sending a payload, called transaction data, that will be signed by the server when either authentication or enrollment succeed.

The signed transaction is a JWT and can be verified server-side to ensure that the operation was really completed on our servers, and that the signed transaction data matches with what is expected.

### Headless Integration

Please base the integration code from the following guides:

* [Enrollment Headless Integration](https://docs.keyless.io/web-sdk/web-sdk-guide/enrollment#headless-integration)
* [Authentication Headless Integration](https://docs.keyless.io/web-sdk/web-sdk-guide/authentication#headless-integration)

The transaction data can be set in the `openKeylessWebSocketConnection` options:

```javascript
await openKeylessWebSocketConnection(sym, {
  ...,
  transaction: {
    data: TRANSACTION_DATA
  }
})
```

The transaction JWT can be retrieved inside the `finished` event:

```javascript
addKeylessEventListener(sym, 'finished', (event) => {
  // will log the transaction JWT
  console.log(event.data.transactionJwt)
})
```

### Web Component Integration

Please base the integration code from the following guides:

* [Enrollment Web Component Integration](https://docs.keyless.io/web-sdk/web-sdk-guide/enrollment#web-component-integration)
* [Authentication Web Component Integration](https://docs.keyless.io/web-sdk/web-sdk-guide/authentication#web-component-integration)

The transaction data can be set through the `transaction-data` attribute:

```html
<kl-auth-or-enroll
  ...
  transaction-data="TRANSACTION_DATA"
></kl-auth-or-enroll>
```

The transaction JWT can be retrieved inside the finished event:

```javascript
auth_or_enroll.addEventListener('finished', (event) => {
  // will log the transaction JWT
  console.log(event.detail.transactionJWT)
})
```

### Verifying the Transaction JWT

There are two options to verify the transaction JWT:

* Retrieve the customer public key using this API:\
  <https://docs.keyless.io/consumer/server-api/operations#verify-jwt>\
  \
  Then import the public key and finally verify the JWT.
* Verify the JWT with this API:\
  <https://docs.keyless.io/consumer/server-api/operations#verify-jwt>

Please note - both operations should be executed backend-to-backend for security purposes, ensuring no keys are leaked.