Welcome to Gate Identity
Gate Identity is Verne's centralized identity and access control layer. It sits in front of every product in the Verne stack — Relay, Clockwork, and future services — acting as the single source of truth for authentication and authorization.
Instead of sprinkling authorization checks across each microservice or rebuilding login flows for the 10th time, Gate centralizes:
- Identity (who is calling, including your end-users)
- Tenancy (which tenant / workspace they belong to)
- Permissions (what they are allowed to do)
What Gate solves
| Capability | Description |
|---|---|
| B2B2C User Management | Seamlessly manage your end-users. Gate provisions, authenticates, and stores user profiles securely. |
| Policy-first access control | Fine-grained permissions expressed as policies that are easy to audit and evolve. |
| Tenant‑aware isolation | Every token and user is strictly bound to a tenant. Cross-tenant data leaks are structurally impossible. |
| Product‑agnostic | The same unified identity surface for your custom apps, Relay, Gate, and any future Verne services. |
The Identity Model
Gate Identity recognizes three distinct types of actors to keep data perfectly isolated:
- Verne Admins: System administrators managing the global infrastructure.
- Tenants (You): Our customers who build on top of Verne services. You have API keys and access to the Verne Console.
- End-Users: Your customers. They interact with your applications. Gate manages their credentials and profiles, ensuring they are strictly scoped to your tenant_id.
Architecture at a glance
Gate Identity exposes a simple HTTP API that your backend, CLIs, and dashboards talk to. Under the hood, it combines a robust, hardened identity server (powered by Ory Kratos) with our custom high-speed policy engine.
For most teams, the integration surface is small:
- For API access: Issue a token, attach it to backend requests, and let Gate enforce access centrally.
- For User Auth: Forward your end-users' login/registration payloads to Gate, and we handle the secure storage, password hashing, and session management.
Quick Start
- Create a tenant in the Verne Console.
- Generate a Gate API key in Dashboard → Keys.
- Use that API key to:
  - Provision end-user identities via the /v1/gate/identities endpoint.
  - Obtain short‑lived access tokens for your backend via the /v1/gate/tokens endpoint.
Authentication
Every request to the Gate API must include a Bearer token in the Authorization header. Gate API keys follow a strict format so you can easily identify them in logs or environment variables:
vrn_gate_<environment>_<secret>
| Prefix | Environment |
|---|---|
| vrn_gate_test_ | Sandbox — safe for development, local testing, and staging. |
| vrn_gate_live_ | Production — access to live tenants, real users, and production data. |
Example header:
Authorization: Bearer vrn_gate_live_sk_9f8a7...
Tokens are scoped to a single tenant and environment, and can be instantly rotated from the Dashboard → Keys page.
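Because the key format above is recognizable, a log pipeline or CI job can detect and redact Gate keys before they are stored. The following is an added example, not Verne's own code: the secret's character set and minimum length, the `source_env` labels, the `GATE_API_KEY` variable name, and the sample lines are all assumptions made for illustration.

```python
import hashlib
import re

# Assumption: <secret> is letters, digits and underscores, 8+ characters.
# The page gives the prefix format but not the secret's alphabet or length.
GATE_KEY_RE = re.compile(r"\bvrn_gate_(test|live)_([A-Za-z0-9_]{8,})")

def fingerprint(secret):
    """Short SHA-256 prefix: lets you match a finding to a key without logging it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:8]

def redact(line):
    """Replace the secret part of every Gate key, keeping the environment prefix."""
    return GATE_KEY_RE.sub(lambda m: f"vrn_gate_{m.group(1)}_[REDACTED]", line)

def scan(lines, source_env):
    """Return one finding per key. source_env is a hypothetical label for where
    the text came from ("production", "staging", "ci", ...)."""
    findings = []
    for number, line in enumerate(lines, 1):
        for m in GATE_KEY_RE.finditer(line):
            env, secret = m.group(1), m.group(2)
            if env == "live" and source_env != "production":
                severity = "critical"   # production key outside production
            elif env == "live":
                severity = "high"       # production key written to a log
            else:
                severity = "low"        # sandbox key, still worth rotating
            findings.append({"line": number, "env": env, "severity": severity,
                             "fingerprint": fingerprint(secret),
                             "redacted": redact(line)})
    return findings

# Constructed sample input, not real keys or real log output.
SAMPLE = [
    'POST /v1/gate/identities 201 authorization="Bearer vrn_gate_test_sk_CONSTRUCTED0001"',
    "loaded GATE_API_KEY=vrn_gate_live_sk_CONSTRUCTED0002 from .env",
    "healthcheck ok",
]

if __name__ == "__main__":
    for f in scan(SAMPLE, source_env="staging"):
        print(f["severity"], f["line"], f["fingerprint"], f["redacted"])
```

Any key that turns up in a finding should be rotated from the Dashboard → Keys page.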