Welcome to Gate Identity
Gate Identity is Verne's policy-first identity and access control layer, designed to sit in front of every product in the Verne stack — Relay, Clockwork, and future services.
Instead of sprinkling authorization checks across each microservice, Gate centralizes:
- identity (who is calling)
- tenancy (which tenant / workspace they belong to)
- permissions (what they are allowed to do)
so that product teams can ship features without rebuilding auth for the 10th time.
What Gate solves
| Capability | Description |
|---|---|
| Centralized identity | One place to manage users, service accounts, and API keys across all Verne products. |
| Policy-first access control | Fine-grained permissions expressed as policies that are easy to audit and evolve. |
| Tenant‑aware tokens | Every token is bound to a tenant and environment, so cross-tenant data leaks are structurally impossible. |
| Product‑agnostic | Same identity surface for Relay, Gate, and any future Verne services. |
Architecture at a glance
Gate Identity exposes a simple HTTP API that your backend, CLIs, and dashboards talk to. Under the hood it keeps:
- an identity graph (users, service accounts, roles, tenants)
- a policy engine for authorization decisions
- an audit log of all access checks
For most teams, the integration surface is small: issue a token, attach it to requests, and let Gate enforce access centrally.
Quick Start
- Create a tenant and initial admin user in the Verne Console.
- Generate a Gate API key in Dashboard → Keys.
- Use that key to obtain short‑lived access tokens for your backend or services.
The rest of this section covers the concrete HTTP endpoints and token formats.