Introduction
This article describes the account, user, role, and user authentication schemata on the Trusted Twin platform.
The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. In order to consult developer resources, please navigate to the Trusted Twin docs website.
Concepts
Account
An account is the main customer-related and billing entity on the Trusted Twin platform.
UUID
Each account is identified by a unique identifier in UUID4 format generated during the account creation process. The UUID4 format is used broadly on the Trusted Twin platform to identify different objects in a uniform way. We are going to refer to this unique identifier as UUID.
Account creation
In order to create an account, please reach out to us.
User, role, and User Secret (API key)
When you create an account, the first role and user are also created automatically by the system (i.e., the Super Admin role and the Super Admin user). The system also generates a User Secret (API key) for the Super Admin user (i.e., the Super Admin User Secret).
The Super Admin role allows the Super Admin user to access all account-related objects created on the Trusted Twin platform and to call all API methods. Therefore, a Super Admin user can be considered an equivalent of a root user in a typical IT system. In particular, this role allows the Super Admin user to create new roles and users with limited permissions.
Developer resources: Create a role, Create a user, Create a User Secret (API key)
All API operations on the Trusted Twin platform are performed in the context of a user as a User Secret (API key) is required for authentication. However, we will sometimes refer to the account’s ability to perform a certain operation in order to indicate that any user belonging to the account can perform such an operation (provided their role allows them to perform the operation).
Resource ownership
All objects on the Trusted Twin platform (e.g., Twins, Identities, Ledgers, Docs) are always owned by the creating user’s account.
Best practices
- We designed the Trusted Twin system to deliver the initial Super Admin User Secret (Super Admin API key) as securely as possible. However, because the initial User Secret (API key) is delivered through the web interface, we strongly recommend generating a new User Secret (API key), especially for production environments. We also strongly recommend not using the Super Admin User Secret (API key) for any task other than creating new roles and users.
- You should use the Super Admin user to create new users and roles with limited permissions. To perform tasks on the Trusted Twin platform, use users created by the Super Admin user.
- There is no limit to the number of roles and users for an account. However, we recommend keeping the number of users low and using the other access control methods available on the Trusted Twin platform, for example access rules and the X-TrustedTwin HTTP request header.
Developer resources: Custom headers
- For certain applications, it might be feasible to use more than one account. For more information on how to use the Trusted Twin platform in your application architecture or technology stack, please get in touch with our team.
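The following is an added illustration of the schema and best practices described above (account, Super Admin role and user, User Secret used for authentication, limited roles created by the Super Admin). It is not Trusted Twin platform code: the class and function names, the permission strings and the `"*"` wildcard are assumptions made for this example. It models the two recommendations in code: rotate the initial Super Admin secret before use, and perform day-to-day operations with a user whose role cannot create roles or users.

```python
"""Toy in-memory model of account / role / user / User Secret (API key).

Added example, not Trusted Twin code. Names, permission strings and the
storage layout are assumptions chosen for illustration only.
"""
import hashlib
import secrets
import uuid
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a secret is unknown or the role does not allow an operation."""


@dataclass
class Role:
    name: str
    permissions: frozenset  # e.g. {"read_twin"}; "*" grants every operation


@dataclass
class User:
    uuid: str
    role: Role


@dataclass
class Account:
    uuid: str = field(default_factory=lambda: str(uuid.uuid4()))
    roles: dict = field(default_factory=dict)
    users: dict = field(default_factory=dict)
    # SHA-256(secret) -> user uuid; the secret itself is never stored.
    secret_index: dict = field(default_factory=dict)


def _digest(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


def issue_secret(acct: Account, user_uuid: str) -> str:
    """Generate a fresh User Secret for a user; only its hash is retained."""
    secret = secrets.token_urlsafe(32)
    acct.secret_index[_digest(secret)] = user_uuid
    return secret


def revoke_secret(acct: Account, secret: str) -> None:
    acct.secret_index.pop(_digest(secret), None)


def create_account():
    """Creating an account also creates the Super Admin role, user and secret."""
    acct = Account()
    super_admin = Role("Super Admin", frozenset({"*"}))
    acct.roles[super_admin.name] = super_admin
    admin = User(str(uuid.uuid4()), super_admin)
    acct.users[admin.uuid] = admin
    return acct, issue_secret(acct, admin.uuid)


def authenticate(acct: Account, secret: str) -> User:
    """Every API call runs as the user the presented secret resolves to."""
    user_uuid = acct.secret_index.get(_digest(secret))
    if user_uuid is None:
        raise Forbidden("unknown or revoked User Secret")
    return acct.users[user_uuid]


def authorize(acct: Account, secret: str, operation: str) -> User:
    user = authenticate(acct, secret)
    perms = user.role.permissions
    if "*" in perms or operation in perms:
        return user
    raise Forbidden(f"role {user.role.name!r} does not allow {operation!r}")


def create_role(acct: Account, secret: str, name: str, permissions) -> Role:
    authorize(acct, secret, "create_role")
    role = Role(name, frozenset(permissions))
    acct.roles[name] = role
    return role


def create_user(acct: Account, secret: str, role_name: str):
    authorize(acct, secret, "create_user")
    user = User(str(uuid.uuid4()), acct.roles[role_name])
    acct.users[user.uuid] = user
    return user, issue_secret(acct, user.uuid)


def allowed(acct: Account, secret: str, operation: str) -> bool:
    try:
        authorize(acct, secret, operation)
        return True
    except Forbidden:
        return False


def demo() -> dict:
    """Walk through the recommended setup and report what each secret can do."""
    acct, initial_secret = create_account()
    # Best practice: replace the initial, web-delivered Super Admin secret.
    admin_uuid = authenticate(acct, initial_secret).uuid
    admin_secret = issue_secret(acct, admin_uuid)
    revoke_secret(acct, initial_secret)
    # Best practice: Super Admin only creates a limited role and a user for it.
    create_role(acct, admin_secret, "twin-reader", {"read_twin"})
    _reader, reader_secret = create_user(acct, admin_secret, "twin-reader")
    return {
        "initial_secret_rejected": not allowed(acct, initial_secret, "read_twin"),
        "reader_can_read_twin": allowed(acct, reader_secret, "read_twin"),
        "reader_can_create_role": allowed(acct, reader_secret, "create_role"),
        "admin_can_create_user": allowed(acct, admin_secret, "create_user"),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to any real deployment of this model: secrets are looked up by hash so a leaked index does not expose usable keys, and authorization is resolved per call from the user's role, which is what makes a least-privilege operational user safe to embed in applications while the Super Admin secret stays out of them.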