Hi Mit,
Thank you for sharing.
This error indicates that the private key you are using is not the private key associated with that API user.
Please make sure that the CSR file and private key generated according to link
are used when signing that JWT.
For Example:
I generated two CSR and Privatekeys: CSR1 ,CSR2, PRIVATEKEY1 and PRIVATEKEY2
and created an API user with CSR1.
and when signing the JWT I am using PRIVATEKEY2.
I will receive this error.
{ "message": "invalid signature", "code": -1}
Essentially you have no way of knowing which CSR file is used by which API user from the console.
I would recommend creating a new API user and generating a new CSR file for that API user and making sure that the correct private key is used when creating that JWT.