Security

Estimated reading: 1 minute 734 views

Authentication

All requests to the TrustCloud API authenticate using a TrustCloud-generated JSON Web Token (JWT).  This key is digitally-signed and can be set to expire, or revoked at any time.  By using a signed key, authentication and claims can be validated, and by decoupling API access from an individual user, API keys can be revoked without impacting the user’s ability to access TrustCloud.

Access Control

TrustCloud assigns all API Keys with a limited role of API_USER.  This role is limited to the following permissions necessary to access the API endpoints in TrustCloud API. 

 

Create

Read

Update

Delete

Controls

No

Yes

No

No

Systems

No

Yes

No

No

Tests

No

Yes

No

No

Evidence

Yes

Yes

No

No

API Reference

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR