Authenticate with a Bearer authorization header
The Piiano Vault REST API authenticates and authorizes requests with either an API key or a JWT access token issued by an external identity provider. Both are sent as Bearer tokens in the HTTP Authorization header, using the Bearer <api-key|jwt-token> scheme.
To enable evaluation and testing, Vault ships with a default API key, pvaultauth, for the admin user. This well-known default is intended only for evaluation and testing; see Set the admin's API key for how to replace it before exposing Vault to anything else.
To configure JWT authentication, see Configure JWT authentication.
See Manage users and policies to learn more about how Vault controls access to operations and data.
Tenant isolation header
The Piiano Vault REST API supports an optional enforcement header, X-Tenant-Id, that ensures tenant isolation by limiting every operation in a request to the intended tenants. Its value is a comma-separated list of tenant IDs. If the request would touch a resource owned by a tenant that is not in the list, an enforcement violation is detected and the entire request fails with status code 403. The header only narrows what a request may touch; it does not grant access that the caller's identity and policies do not already allow.
For example, with X-Tenant-Id: 1,2,3 the operation is executed only if every resource it touches is owned by tenant 1, 2 or 3.
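The two headers described above, as an added example that is not part of the Piiano Vault documentation or code: a Python helper that builds the Authorization and X-Tenant-Id headers for a request, a parser for the Bearer scheme, and a local simulation of the enforcement rule (every resource an operation touches must belong to a listed tenant, otherwise the whole request fails with 403). The header names, the Bearer scheme and the pvaultauth default come from the page; the Resource type and the enforce_tenant_isolation function are constructed stand-ins for the server-side check, whose real implementation the page does not show.

```python
"""Build Piiano Vault request headers and simulate X-Tenant-Id enforcement.

Constructed example for this page, not Vault's own code. Header names and the
Bearer scheme follow the documentation; Resource and enforce_tenant_isolation
are illustrative stand-ins for the server-side check (assumption).
"""
from dataclasses import dataclass
from typing import Iterable, Mapping, Optional, Sequence, Set


def auth_headers(token: str, tenant_ids: Optional[Iterable[str]] = None) -> dict:
    """Return headers for a Vault REST call.

    `token` is either an API key (the evaluation default is "pvaultauth") or a
    JWT from the external identity provider; both travel as "Bearer <token>".
    `tenant_ids`, when given, becomes the optional X-Tenant-Id enforcement header.
    """
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token must be a single non-empty token")
    headers = {"Authorization": f"Bearer {token}"}
    if tenant_ids is not None:
        ids = [str(t).strip() for t in tenant_ids]
        if not ids or any(not t or "," in t for t in ids):
            raise ValueError("X-Tenant-Id needs one or more non-empty ids without commas")
        headers["X-Tenant-Id"] = ",".join(ids)
    return headers


def parse_bearer(authorization: str) -> str:
    """Extract the token from 'Bearer <api-key|jwt-token>' (scheme is case-insensitive)."""
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or any(ch.isspace() for ch in token):
        raise ValueError("expected 'Authorization: Bearer <api-key|jwt-token>'")
    return token


def parse_tenant_header(value: str) -> Set[str]:
    """Turn '1, 2,3' into {'1', '2', '3'}; reject an empty or all-blank list."""
    ids = {part.strip() for part in value.split(",")}
    ids.discard("")
    if not ids:
        raise ValueError("X-Tenant-Id present but lists no tenant")
    return ids


@dataclass(frozen=True)
class Resource:
    """Illustrative stand-in for an object an operation touches (assumption)."""
    id: str
    tenant_id: str


def enforce_tenant_isolation(headers: Mapping[str, str], resources: Sequence[Resource]) -> int:
    """Simulate the documented rule and return an HTTP-style status code.

    Without X-Tenant-Id nothing is enforced (200). With it, every resource the
    operation touches must belong to a listed tenant; a single violation fails
    the entire request with 403 instead of executing the allowed part.
    """
    # HTTP header names are case-insensitive, so match the name accordingly.
    value = next((v for k, v in headers.items() if k.lower() == "x-tenant-id"), None)
    if value is None:
        return 200
    allowed = parse_tenant_header(value)
    if all(r.tenant_id in allowed for r in resources):
        return 200
    return 403


if __name__ == "__main__":
    # Constructed sample: a bulk read over three objects, one of them out of scope.
    hdrs = auth_headers("pvaultauth", ["1", "2", "3"])
    objects = [Resource("o1", "1"), Resource("o2", "3"), Resource("o3", "7")]
    print(hdrs)
    print(enforce_tenant_isolation(hdrs, objects))      # 403: o3 belongs to tenant 7
    print(enforce_tenant_isolation(hdrs, objects[:2]))  # 200: all in scope
```

The simulation is deliberately all-or-nothing: the allowed objects o1 and o2 are not returned when o3 is in the same request, which is the behaviour to test for when relying on the header as a guard against a bug in the calling application addressing the wrong tenant.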