Auth
Authentication
Luna supports multiple Authentication paradigms.
Sign Up Process, via the API
The below steps can be executed over the API, using information in the REST API section
- New users can signup without an api key (email verification is required)
- Login without an api key, to get a bearer token
- Create an organisation using a bearer token or existing API key (the creating user will be automatically added into the organization)
- API keys can be created within an organization, using a bearer token or existing API key
Once you have an API key, you can use the rest of the API.
Alternatively, you can perform the above steps via the management console.
User Login
Users can login with an email + password combination. On successful login, users are granted a short lived access token.
This access token should be provided via the Authorization: Bearer ***** header.
Note user login is only possible once a user has verified their email address. SSO is on our roadmap soon, as is two factor authentication.
API Keys
Users can also create API Keys for programmatic access to the platform. API Keys are scoped to a specific Organization and inherit the authorization permissions of the User that created them.
API Key auth should be provided via the Authorization: Api-Key ***** header.
Authorization
Organization Authorization
The Authorization paradigm at the moment is quite simple. Within an Organization every member has admin permissions to create and edit Templates and Contracts.
Fine Grain Access controls are on our Roadmap. If fine grained access controls are important to your use case come and chat with us. You can find details on the Community Page.