v1.0 stable · Hosted value-add

Hosted Service

Optional hosted nonce/session service concepts, boundaries, and configuration.

Overview

Hosted auth is an optional value-add service. The open-source SDK remains fully self-hostable.

Projects using hosted auth should configure allowed domains, API keys, usage limits, and audit logs.

Requirements

  • Hosted endpoints must cover nonce issue, login verification, session creation, current user, and logout.
  • Allowed domains should be enforced before nonce issue and again during signature verification.
  • API keys should be scoped per project and rotated without breaking active sessions.
  • Audit logs should capture nonce issue, verify success/failure, and session invalidation.
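
The two domain-enforcement points and the audit events from the requirements above, as an added sketch that is not code from the SDK or the hosted service. The project id, domain names, event names, nonce lifetime, and the `signature_ok` flag (standing in for the real signature check) are all assumptions made for illustration.

```python
import secrets
import time

# Constructed sample configuration: project id -> allowed domains (hypothetical names).
ALLOWED_DOMAINS = {"proj_demo": {"app.example.com"}}
NONCE_TTL_SECONDS = 300  # assumed lifetime; the page does not specify one

_nonces = {}    # nonce -> (project_id, domain, expires_at)
audit_log = []  # entries: (event, project_id, domain, detail)


def _domain_allowed(project_id, domain):
    return domain.lower() in ALLOWED_DOMAINS.get(project_id, set())


def issue_nonce(project_id, domain, now=None):
    """First enforcement point: refuse to issue a nonce for an unlisted domain."""
    now = time.time() if now is None else now
    if not _domain_allowed(project_id, domain):
        audit_log.append(("nonce_issue_denied", project_id, domain, "domain_not_allowed"))
        return None
    nonce = secrets.token_urlsafe(16)
    _nonces[nonce] = (project_id, domain.lower(), now + NONCE_TTL_SECONDS)
    audit_log.append(("nonce_issue", project_id, domain, "ok"))
    return nonce


def verify_login(project_id, signed_domain, nonce, signature_ok, now=None):
    """Second enforcement point: re-check the domain carried in the signed message."""
    now = time.time() if now is None else now
    record = _nonces.pop(nonce, None)  # single use: consumed even when verification fails
    if record is None:
        reason = "unknown_or_reused_nonce"
    elif record[2] < now:
        reason = "nonce_expired"
    elif record[0] != project_id:
        reason = "project_mismatch"
    elif not _domain_allowed(project_id, signed_domain):
        reason = "domain_not_allowed"  # allowlist may have changed since issue
    elif signed_domain.lower() != record[1]:
        reason = "domain_mismatch"  # nonce was issued for a different allowed domain
    elif not signature_ok:
        reason = "bad_signature"
    else:
        audit_log.append(("verify_success", project_id, signed_domain, "ok"))
        return True
    audit_log.append(("verify_failure", project_id, signed_domain, reason))
    return False
```

Checking the allowlist a second time at verification catches a domain that was removed after the nonce was issued, and binding the nonce to its issuing domain stops a nonce obtained for one allowed domain from being redeemed under another.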
