# Staging and Production Endpoints

| Endpoint                                                                                                                              | Access Mechanism                | Staging                                           | Production                                    |
| ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | ------------------------------------------------- | --------------------------------------------- |
| [Backchannel Authentication Endpoint](https://stg-id.singpass.gov.sg/docs/step-up-auth-ciba/api#_backchannel_authentication_endpoint) | Public TLS w/ Client Assertions | <https://stg-id.singpass.gov.sg/bc-auth>          | <https://id.singpass.gov.sg/bc-auth>          |
| [Token Endpoint](https://stg-id.singpass.gov.sg/docs/step-up-auth-ciba/api#_token_endpoint)                                           | Public TLS w/ Client Assertions | <https://stg-id.singpass.gov.sg/token>            | <https://id.singpass.gov.sg/token>            |
| [JWKS endpoint](https://stg-id.singpass.gov.sg/docs/step-up-auth-ciba/api#_jwks_endpoint)                                             | Public TLS                      | <https://stg-id.singpass.gov.sg/.well-known/keys> | <https://id.singpass.gov.sg/.well-known/keys> |

{% hint style="danger" %}
RPs must not do "cert pinning" or create any form of dependency to the TLS certificates of the above domains. Singpass reserves the right to rotate its TLS certificates without prior notice to RPs.
{% endhint %}