Skip to content
Vestval

Developer Platform

Authentication

The authentication and authorization model for the Vestval platform — tokens, scopes and least privilege.

Overview

Every API request is authenticated and every credential is scoped. We use token-based authentication with fine-grained scopes so integrations only get the access they genuinely need.

Authentication is designed around least privilege and rotation: credentials are short-lived where possible, scoped narrowly, and revocable instantly.

What this covers

Token-based

Requests are authenticated with bearer tokens issued to your integration.

Scoped access

Tokens carry fine-grained scopes so an integration only accesses what it needs.

Rotation

Credentials can be rotated and revoked instantly without downtime.

SSO & identity

Enterprise identity via SSO integrates with the platform's access model.

Least privilege

Default scopes are minimal; broader access is explicit and auditable.

Audit logging

Authentication and authorization events are logged for review.

FAQ

Frequently asked

  • Requests use scoped bearer tokens issued to your integration, following least-privilege defaults.