Authentication
Understand SafeDep Cloud authentication methods and API access patterns
The SafeDep Cloud API operates on two distinct planes, each with different authentication requirements and access patterns.
API Architecture
Control Plane
Configuration, reporting, and management operations
Data Plane
Package insights, scanning data, and tool integrations
All APIs for security tools integration are part of the Data Plane. These APIs require an API key for authentication and may enforce rate limits under a fair usage policy.
API Endpoints and Authentication
| Plane | API Endpoint | Supported Authentication |
|---|---|---|
| Data Plane | api.safedep.io | JWT and API Key |
| Control Plane | cloud.safedep.io | JWT |
Data Plane Authentication
API Key Authentication
The most common method for tool integrations and automated access:
Generate API Key
Create an API key in your SafeDep Cloud tenant settings
Configure Environment
Set the API key in your environment:
Use with vet
Configure vet to use the API key:
JWT Authentication
For programmatic access requiring higher privileges:
Control Plane Authentication
OAuth2/OIDC Integration
SafeDep Cloud Identity Service is hosted at https://auth.safedep.io and provides OAuth2/OIDC compatible authentication.
OpenID Configuration Endpoint:
Device Code Flow
For command-line tools, use the OAuth2 Device Code flow:
This opens a browser for authentication and stores the JWT token locally.
Programmatic Integration
For custom applications, implement the OAuth2 Device Code flow. A reference implementation is available in the vet OAuth2 client.
Authentication Examples
Basic API Key Usage
JWT-Based Access
GitHub Actions Integration
Authentication Headers
API Key Authentication
JWT Authentication
Rate Limiting
Data Plane Limits
- API Key Authentication: Fair usage policy applies
- Rate limits: 1000 requests per hour per API key
- Burst capacity: 50 requests per minute
Control Plane Limits
- JWT Authentication: Higher limits for authenticated users
- Rate limits: 5000 requests per hour per user
- Burst capacity: 100 requests per minute
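The following is an added example, not code from SafeDep or the vet code base: a client-side throttle that keeps an integration under both the hourly quota and the per-minute burst capacity listed above. `PlaneThrottle` and its method names are hypothetical; only the numeric limits come from this page, and the code assumes the limits behave as sliding windows, which the page does not specify.

```python
import time
from collections import deque

# Limits as stated on this page: (requests per hour, requests per minute).
DATA_PLANE = (1000, 50)      # per API key
CONTROL_PLANE = (5000, 100)  # per user


class PlaneThrottle:
    """Sliding-window throttle enforcing an hourly quota and a per-minute burst cap.

    Use one instance per credential (API key or user), since the limits
    on this page are counted per key and per user.
    """

    def __init__(self, per_hour, per_minute, clock=time.monotonic):
        # (window length in seconds, max requests allowed in that window)
        self.windows = ((3600.0, per_hour), (60.0, per_minute))
        self.sent = deque()  # timestamps of requests made in the last hour
        self.clock = clock   # injectable so the logic can be tested offline

    def wait_time(self):
        """Return seconds until the next request is allowed (0.0 = send now)."""
        now = self.clock()
        # Drop timestamps that have aged out of the longest window.
        while self.sent and now - self.sent[0] >= 3600.0:
            self.sent.popleft()
        delay = 0.0
        for span, limit in self.windows:
            recent = [t for t in self.sent if now - t < span]
            if len(recent) >= limit:
                # A slot frees when the oldest counted request leaves the window.
                delay = max(delay, recent[len(recent) - limit] + span - now)
        return delay

    def try_acquire(self):
        """Record a request and return True if within limits, else return False."""
        if self.wait_time() > 0:
            return False
        self.sent.append(self.clock())
        return True
```

Call `try_acquire()` before each API request and sleep for `wait_time()` seconds when it returns `False`.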
Security Best Practices
Troubleshooting Authentication Issues
Common Error Messages
"User Not Found"
Solution: The user is not registered. Follow the quickstart guide to register with SafeDep Cloud.
"Tenant Not Found"
Solution: Configure the tenant using:
If you’ve forgotten your tenant domain: