This article describes the account, user, role, and user authentication schemata on the Trusted Twin platform.
The purpose of this article is to provide system architects and developers with the conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please consult the Trusted Twin docs website.
Account and UUID
An account is the main customer-related and billing entity on the Trusted Twin platform. It is identified by a unique identifier in UUID4 format generated during the account creation process. The UUID4 format is used broadly on the Trusted Twin platform to identify different objects in a uniform way. We refer to this unique identifier as UUID throughout our documentation.
To create an account, visit the Selfcare panel and follow the steps as indicated.
User, role, and User Secret (API key)
When an account is created, the system also creates the first role and user (i.e., the Super Admin role and the Super Admin user). It also generates a User Secret (API key) for the Super Admin user (i.e., the Super Admin User Secret).
The Super Admin role allows the Super Admin user to access all account-related objects created on the Trusted Twin platform and to call all API methods. A Super Admin user can be considered an equivalent of a “root user” in a typical IT system. In particular, the Super Admin role allows the Super Admin user to create new roles and users with limited permissions.
All API operations on the Trusted Twin platform are performed in the context of a user, because a User Secret (API key) is required for authentication. We will sometimes, however, refer to the account’s ability to perform a certain operation. This indicates that the operation can be performed by any user belonging to the account, provided their role allows it.
All objects on the Trusted Twin platform (e.g., Twins, Identities, Ledgers, Docs) are always owned by the creating user’s account.
- We designed the Trusted Twin system to ensure maximum security when providing the initial Super Admin User Secret (Super Admin API key). However, we strongly recommend generating a new User Secret (API key), especially for production environments, as the initial User Secret (API key) is delivered through the web interface.
- We strongly recommend not using the Super Admin User Secret (API key) to perform tasks other than creating new roles and users.
- The Super Admin user should be used to create new users and roles with limited permissions. The users created by the Super Admin user should be used to perform tasks on the Trusted Twin platform.
- The number of roles and users for an account is unlimited. However, we recommend keeping the number of users low and using other access control methods available on the Trusted Twin platform, for example access rules and the ‘X-TrustedTwin’ HTTP request header.
- For certain applications, it might be feasible to use more than one account. Please see the resources section below.