The Samvaad platform integrates with your service using this contract to enable the Bring Your Own Key (BYOK) feature. The Samvaad platform will make outbound calls to these API endpoints to authenticate, request decryption of data keys, and key generation for rotation.

Onboarding and Authentication Methods:

You can choose one of two ways to authenticate requests from Samvaad:
  1. Client Credentials: Provide Samvaad with a Client ID and Client Secret. Samvaad will call your /auth endpoint to get a short-lived JWT, which will be sent as a Bearer token in subsequent requests.
  2. Static API Key: Provide Samvaad with a long-lived API Key. Samvaad will send this key directly as a Bearer token in every request. The /auth endpoint is not used in this case.

Integration Requirements:

  • Host Endpoints: You must host these endpoints on a secure HTTPS server.
  • Firewall Configuration: You must whitelist Samvaad’s egress IP addresses to allow incoming requests to your service. Please contact Samvaad Support for the current list of IP addresses.