Back to Changelog

Zuplo Identity Token + Federated Identity

The Zuplo Identity Token is a new feature that allows developers to create a JWT token that uniquely and securely identifies their Zuplo API. This token can be used to authenticate downstream services or third-party APIs, enabling secure communication between services without the need for additional authentication mechanisms or sharing of sensitive credentials.

Zuplo Identity Token#

The Zuplo Identity Token is a JSON Web Token (JWT) that contains information about the Zuplo API that it represents. This token is signed by Zuplo and can be verified by downstream services or third-party APIs to ensure its authenticity and integrity.

The token contains claims for the Zuplo account, project, and deployment that can be used to uniquely identify the API and its associated resources. See the Zuplo Identity Token documentation for more information.

Using the Zuplo Identity Token#

Developers can access the Zuplo Identity Token in their code by calling the ZuploServices API. A custom audience can be provided to the token to ensure that it is only usable by the intended downstream service. Multiple tokens with different audiences can be created and caching is managed by Zuplo to ensure high performance.

import { ZuploServices, ZuploContext, ZuploRequest } from "@zuplo/runtime";
 
export default async function handler(
  request: ZuploRequeset,
  context: ZuploContext,
) {
  const idToken = await ZuploServices.getIDToken(context, {
    audience: "https://my-api.example.com",
  });
 
  const response = await fetch("https://my-api.example.com", {
    headers: {
      Authorization: `Bearer ${idToken}`,
    },
  });
}

Federated Identity with GCP#

Federated Identity increases the security of your Zuplo API by removing the need to share sensitive service account keys with your Zuplo API. Instead, Zuplo will use the Zuplo Identity Token to authenticate with Google Cloud Services on your behalf.

A new policy has been added to Zuplo that enables Federated Identity with Google Cloud Services. By utilizing this policy developers can secure their GCP API or other Google Cloud Resources (Storage, Pub/Sub, etc.) with GCP IAM and allow Zuplo to call these services on their behalf.

Federated Identity with GCP is available as a paid-addon to customers on enterprise plans. Contact your account manager or sales@zuplo.com to inquire about pricing.

For more information on how to configure Federated Identity with GCP, see the Federated Identity with GCP documentation.

Designed for Developers, Made for the Edge

Start for FreeRead docs