Roles, Scopes, and Origins
Roles, scopes, and origins control access and permissions, ensuring the secure and efficient management of resources and user interactions with APIs.
Roles
Roles are assigned to users to define their level of access and permissions within the system. The roles we have are:
- owner: Full access and control over all resources.
- admin: Management access, including user administration and resource management.
- developer: Access to development-related resources and APIs.
- user: Basic access to general resources and APIs.
Scopes
Scopes represent different groups of access permissions and are closely tied to user roles. The scopes are used to fine-tune the access permissions granted to each user role.
- The scopes use the same names as the roles: owner, admin, developer, and user.
- When a user with a specific role logs in, the session key inherits the user's role as its scope.
- The scopes of the key control the access permissions to the API.
Access Control
- All four roles, owner, admin, developer, and user, implicitly have full access to all inference API paths starting with /api/. The exception is the user role, whose access can be refined by including further API paths.
- For example, a key that has the scope user and an additional scope that is the API path pattern /api/{hash}/* can only access APIs with paths that match the pattern /api/{hash}/*.
Origins
Origins are used for Cross-Origin Resource Sharing (CORS) control. An array variable named origins can be associated with both API and session keys to specify which origins are allowed to access the API.
- If the origins array is defined, it is used to control CORS, ensuring that only the specified origins can interact with the API resources.
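One way the scope and origin rules above could be enforced on each request, as an added example that is not this project's code. It assumes a key object with scopes and origins arrays, that {hash} in a pattern is replaced by a concrete API hash (abc123 is made up), that a trailing /* matches everything below the prefix, and that requests without an Origin header skip the origin check.

```javascript
// Added illustration. The key shape { scopes, origins } and all names are assumptions.
const ROLES = ["owner", "admin", "developer", "user"];

// Constructed sample: a user key limited to one API, usable from one web origin.
const SAMPLE_KEY = {
  scopes: ["user", "/api/abc123/*"],
  origins: ["https://app.example.com"],
};

// Resolve "." and ".." so "/api/abc123/../other/run" is judged as "/api/other/run".
// The path is assumed to be URL-decoded already.
function normalizePath(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Assumed pattern semantics: a trailing "/*" matches anything below that prefix.
function matchesPattern(pattern, path) {
  if (pattern.endsWith("/*")) return path.startsWith(pattern.slice(0, -1));
  return pattern === path;
}

// Decide whether `key` may call inference path `path` from `origin`
// (the request's Origin header, or undefined for non-browser clients).
function isAllowed(key, path, origin) {
  const p = normalizePath(path);
  if (!p.startsWith("/api/")) return false; // only inference paths are modelled
  // Exact comparison: prefix or substring matching would admit look-alike origins.
  if (Array.isArray(key.origins) && origin !== undefined &&
      !key.origins.includes(origin)) return false;
  const role = key.scopes.find((s) => ROLES.includes(s));
  if (!role) return false; // no role scope, no access
  const patterns = key.scopes.filter((s) => s.startsWith("/api/"));
  // Only the user role is narrowed by path patterns; other roles keep full access.
  if (role !== "user" || patterns.length === 0) return true;
  return patterns.some((pat) => matchesPattern(pat, p));
}
```

The two checks worth keeping in any real implementation are path normalization before pattern matching and exact origin comparison.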
By implementing roles, scopes, and origins, we ensure that our API services are secure and that access is appropriately managed based on user roles and specified permissions. This approach helps to maintain the integrity and confidentiality of the resources within our system.