Developer Search
Press ⌘K or Ctrl+K to jump through guides and public API docs.
API Reference
Aegis Platform API
Connect RPC surface for the Aegis zero-knowledge platform. Operations are tagged as `public` (integrator-facing) or `private` (internal/elevated).
Explore Endpoints
Entries are generated from protobuf and filtered to public operations only. Internal endpoints remain hidden from this explorer.
Open First EndpointAuthentication Process
- Authenticate the caller (user session for public APIs, workload identity for broker workflows).
- Mint/exchange short-lived broker token and bind to tenant/principal identity.
- Send `Authorization: Bearer ...` and sender-constrained proof for sensitive lease actions.
- Apply policy checks on scope + target selectors before returning credential material.
Token guidance and bootstrap hardening are documented in `/developer/security` and `/developer/patterns`.
Scoped Credential Access
For broker lease workflows, scope should bind action and credential target resource selectors.
credential.lease.create:provider:gcp:app:billing-prod:account:deploy-bot
credential.lease.redeem:provider:aws:app:payments:account:ci-role
credential.lease.revoke:provider:gcp:app:analytics:account:breakglass- Grant create/redeem/revoke independently.
- `MintUserApiToken` requires non-wildcard selectors (specific app/account targets only).
- Deny and audit scope escalation attempts.
- Lease operations require selector-scoped grants; action-only scopes are insufficient.
Public APIs
29 endpoints