Skip to content

Governance Service Authentication and RBAC

Most Governance Service routes require a bearer credential. Governance Service delegates validation to Auth Service and then enforces organization and project access based on the returned user context.

  • End-user JWTs issued through the configured identity provider flow.
  • Auth Service API keys for machine integrations.
  • Service-account tokens used by platform worker workflows.

Project-scoped routes require project membership or platform-level access. Privileged actions require roles and permissions returned by Auth Service. External integrations should request only the scopes and project access they need.

Customer systems should send:

Terminal window
Authorization: Bearer <token-or-api-key>

Never place bearer credentials in URLs or logs.