...
A new auth token is created with almost the same content as the client’s auth token. The new auth token is signed using a configured auth token private key. This requires It is required that the corresponding auth token public key can be used by the target system to verify the auth token signed by STEVE using the auth token private key is present . Normally, the way to achieve this is to publish the auth token public key in BoB Metadata and let the target system update the public key by retrieving it from BoB Metadata. For test, it is probably easiest to publish it in the BoB Metadata Test Environment. Use the POST/participantMetadata/{pid}/authtokenPublicKey endpoint of the Participant Metadata API to add a new auth token public key.
...