Figure 1. Account, user, role, and User Secret (API key) on the Trusted Twin platform.

Account and user concept

Summary

This article describes the account, user, role, and user authentication schemata on the Trusted Twin platform. 

The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please consult the Trusted Twin docs website.


Concepts

Account and UUID

An account is the main customer-related and billing entity on the Trusted Twin platform. It is identified by a unique identifier in UUID4 format generated during the account creation process. The UUID4 format is used broadly on the Trusted Twin platform to identify different objects in a uniform way. We refer to this unique identifier as UUID throughout our documentation.

Account creation

To create an account, visit the Selfcare panel and follow the steps as indicated. 

User, role, and User Secret (API key)

When an account is created, the system also creates the first role and user (i.e., the Super Admin role and the Super Admin user). In addition, a User Secret (API key) is generated for the Super Admin user (i.e., the Super Admin User Secret).

Figure 2. Super Admin user with Super Admin role and Super Admin User Secret.

The Super Admin role allows the Super Admin user to access all account-related objects created on the Trusted Twin platform and to call all API methods. A Super Admin user can be considered an equivalent of a “root user” in a typical IT system. In particular, the Super Admin role allows the Super Admin user to create new roles and users with limited permissions.

Developer resources
Create a role
Create a user
Create a User Secret (API key)

All API operations on the Trusted Twin platform are performed in the context of a user, because a User Secret (API key) is required for authentication. We will sometimes, however, refer to the account’s ability to perform a certain operation. This indicates that the operation can be performed by any user belonging to the account, provided their role allows it.

Resource ownership

All objects on the Trusted Twin platform (e.g., Twins, Identities, Ledgers, Docs) are always owned by the creating user’s account.

Best practices

  • We designed the Trusted Twin system to ensure maximum security when providing the initial Super Admin User Secret (Super Admin API key). However, we strongly recommend generating a new User Secret (API key), especially for production environments, as the initial User Secret (API key) is delivered through the web interface.

    We strongly recommend not using the Super Admin User Secret (API key) to perform tasks other than creating new roles and users.

Figure 3. Best practices for creating users and roles and performing tasks on the Trusted Twin platform.

  • The Super Admin user should be used to create new users and roles with limited permissions. The users created by the Super Admin user should be used to perform tasks on the Trusted Twin platform.
  • The number of roles and users for an account is unlimited. However, we recommend keeping the number of users low and using other access control methods available on the Trusted Twin platform, for example access rules and the ‘X-TrustedTwin’ HTTP request header.

Developer resources
Custom headers

  • For certain applications, it might be feasible to use more than one account. Please see the resources section below.

For more information about how to use the Trusted Twin platform in your application’s architecture or technology stack, please contact hello@trustedtwin.com
