Overview: Custom API Integration Built-in Accounts

Custom API Integration built-in accounts let you authenticate and use Next-Gen Trust Security APIs without the need for API keys. They leverage third-party issued tokens for authentication, offering improved security and scalability through Workload Identity Federation (WIF).

What is Workload Identity Federation (WIF)?

WIF is a security methodology that allows your applications to securely authenticate with Next-Gen Trust Security without having to manage and secure long-lived credentials (like passwords or API keys). Instead, it uses short-lived tokens obtained from a trusted Identity Provider (IDP). This means your application proves its identity to the IDP and receives a token, which it can then use to access Next-Gen Trust Security.

Custom API Integration built-in accounts are particularly beneficial in situations where:
  • Machines request access to Next-Gen Trust Security APIs, requiring a scalable and secure authentication mechanism.
  • There's a need for improved VCert deployment and authentication options in mass deployment scenarios.
  • Enhanced security alignment with enterprise customers' API authentication policies is required.

What Is the Workflow?

In the context of Venafi products, WIF allows you to access Next-Gen Trust Security-protected resources without needing to manage secrets.

Key Benefits of Using Custom API Integration

The key benefits of using this type of built-in account include:
  • Streamlined JWT handling: Simplifies JWT management by using the JWKS_URI to dynamically retrieve signing keys, reducing administrative overhead.
  • Custom API Integrations: Provides new authentication use cases in the Built-in Account UI, initially for VCert-related APIs, with a roadmap to include more integrations such as Keystores as development continues.
  • Flexible configuration: Allows for the use of more than one public key plus JWT claims (Audience and Issuer URL), which can be configured at either the tenant level (ideal case) or, to start with, at the application level.
  • Enhanced security: Ensures dynamic and secure credentials by utilizing OAuth2 Token endpoints. You have the flexibility to either enter the JWKS_URI manually or allow the system to retrieve it automatically. This approach aligns with modern security standards and offers simplified credential management.
Note: If you do not see this option, please contact your Venafi sales representative for information on the correct Next-Gen Trust Security tier subscription you need.

Next Steps

Before you create a Custom API Integration built-in account, review the basics of creating built-in accounts, or if you've done that already, get started with creating one here.