Cargo A/C

API Keys

Service credentials that sibling surfaces use to call the identity API. Keys are issued and rotated centrally; secrets stay server-side.

Credential types

  • Publishable key

    Identifies the cargo.ac auth project; safe to ship in spoke client code.

    Browser-safe
    ready
  • Service key

    Grants verify + provisioning access. Confined to *.server.ts; never exposed to clients.

    Server-only
    ready
  • Spoke heartbeat token

    Scoped credential a spoke uses to post telemetry to the hub.

    Per-app
    planned

Shared building blocks

Auth client SDK

in progress

Thin wrapper over the cargo.ac browser client + OIDC Authorization Code + PKCE flow.

Consumers: Every spoke

Identity API contract

ready

Typed endpoint definitions (this file). api.cargo.ac is a reserved namespace.

Consumers: one · dev · console

App registry

ready

Shared source of truth for apps, consoles and websites.

Consumers: apps · admin · console

Design system

in progress

CargoWorks tokens, components and the 4-tier shell.

Consumers: All cargo.ac surfaces

Never store service keys in the database or client bundles. Issue them as platform secrets and read them only inside server functions.
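
One way to enforce the rule above in CI, as an added example that is not part of the cargo.ac code base: it flags source files outside *.server.ts that name the service key variable, and built client assets that contain the secret value. The env var name CARGO_SERVICE_KEY, the file paths and the sample secret are assumptions constructed for illustration.

```typescript
// Added example. CARGO_SERVICE_KEY is a hypothetical env var name (assumption).
const SERVICE_KEY_ENV = "CARGO_SERVICE_KEY";

type FileMap = { [path: string]: string }; // path -> file contents
type Violation = { path: string; reason: "source-reference" | "bundle-leak" };

// Page rule: the service key is confined to *.server.ts.
function isServerOnly(path: string): boolean {
  return /\.server\.ts$/.test(path);
}

// Flag any source file outside *.server.ts that names the key variable.
function checkSources(sources: FileMap): Violation[] {
  const out: Violation[] = [];
  for (const path of Object.keys(sources)) {
    const text = sources[path] || "";
    if (!isServerOnly(path) && text.indexOf(SERVICE_KEY_ENV) !== -1) {
      out.push({ path, reason: "source-reference" });
    }
  }
  return out;
}

// Flag any built client asset that contains the secret value itself.
function checkBundle(assets: FileMap, secret: string): Violation[] {
  if (secret.length < 16) throw new Error("secret missing or too short to scan for");
  const out: Violation[] = [];
  for (const path of Object.keys(assets)) {
    const text = assets[path] || "";
    if (text.indexOf(secret) !== -1) out.push({ path, reason: "bundle-leak" });
  }
  return out;
}

// Constructed sample input (not real files or keys).
const SAMPLE_SECRET = "CONSTRUCTED-SAMPLE-SECRET-0001";
const SAMPLE_SOURCES: FileMap = {
  "src/lib/identity.server.ts": "const key = process.env.CARGO_SERVICE_KEY;",
  "src/routes/login.tsx": "const key = import.meta.env.CARGO_SERVICE_KEY;",
  "src/lib/auth-client.ts": "export const publishableKey = 'pk-constructed';",
};
const SAMPLE_ASSETS: FileMap = {
  "dist/client/app.js": "fetch('/verify',{headers:{k:'CONSTRUCTED-SAMPLE-SECRET-0001'}})",
  "dist/client/vendor.js": "export default {}",
};

console.log(checkSources(SAMPLE_SOURCES), checkBundle(SAMPLE_ASSETS, SAMPLE_SECRET));
```

In a pipeline the secret passed to checkBundle comes from the platform secret store at build time, so the scan needs no knowledge of the key format.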