
Authentication and authorization

API key

The API key is set in the configuration:

app:
  authToken: '{{YOUR-API-TOKEN}}'

In the default configuration this is found in config/config-local.yml. By default this is set to "test" for development. You should update this value for security.

Related guide: Core - app configuration
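
A pre-deployment check for the key described above, as an added example that is not part of the product's own code: it flags the development default test and an unfilled {{...}} placeholder in app.authToken, and generates a replacement. The 32-character minimum, the function names and the sample config are assumptions made for this example.

```python
import re
import secrets

# Values the page names as unsafe: the development default and the unfilled template.
DEV_DEFAULT = "test"
PLACEHOLDER = re.compile(r"^\{\{.*\}\}$")
MIN_LENGTH = 32  # assumption: local policy threshold, not a value from the docs
# Constructed sample: a config still carrying the development default.
SAMPLE_CONFIG = "app:\n  authToken: 'test'\n"


def read_auth_token(config_text):
    """Return app.authToken from YAML text, or None if the key is absent."""
    in_app = False
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()    # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                # a top-level key starts a new block
            in_app = line.strip() == "app:"
            continue
        m = re.match(r"\s+authToken:\s*(.*)$", line)
        if in_app and m:
            return m.group(1).strip().strip("'\"")
    return None


def audit_auth_token(config_text):
    """Return a list of findings; an empty list means the key passes."""
    token = read_auth_token(config_text)
    if not token:
        return ["app.authToken is missing or empty"]
    findings = []
    if token == DEV_DEFAULT:
        findings.append("app.authToken is the development default 'test'")
    if PLACEHOLDER.match(token):
        findings.append("app.authToken is an unfilled template placeholder")
    if len(token) < MIN_LENGTH:
        findings.append(f"app.authToken is shorter than {MIN_LENGTH} characters")
    return findings


def new_auth_token():
    """Generate a replacement key from the OS CSPRNG (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    print(audit_auth_token(SAMPLE_CONFIG))
```

The parser handles only the two-level app: / authToken: layout shown above, so a config that sets the key another way needs a full YAML parser.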

Public resources

Some resources are public, including:

  • Build info
  • System metrics
  • Many external endpoints (those starting with /ssi)

Management endpoints

All management endpoints (those starting with /api) require the API key, sent in the Authorization header of each call:

Authorization: Bearer <apiKey>

Anyone with knowledge of the key can access the services while in the network.

Other tokens

Some calls to /ssi endpoints require tokens specific to a given interaction:

  • /ssi/openid4vci/draft-13/{id}/credential requires an OpenID4VC token
  • /ssi/trust-entity/v1 endpoints require a remote-agent token

These tokens are used in the header of calls.