Skip to main content

Authentication and authorization

Public resources

Some resources are public, including:

Build info
System metrics
Many external endpoints (those starting with /ssi)

Management endpoints

All management endpoints (those starting with /api) require an API key, used in the header of calls.

Authorization: Bearer <apiKey>

Anyone with knowledge of the key can access the services while in the network.

Other tokens

Some calls to /ssi endpoints require tokens specific to a given interaction:

/ssi/openid4vci/draft-13/{id}/credential requires an OpenID4VC token
/ssi/trust-entity/v1 endpoints requires a remote-agent token

These tokens are used in the header of calls.

Public resources
Management endpoints
- Other tokens