Set up and manage your client ID and secret to securely authenticate and access protected API endpoints.
Audience and API Resource Permissions
When integrating any downstream service through the Verve Gateway, all clients whether new or existing must ensure their Client Id is properly configured with the required aud (audience) values and api_resources API resource permissions.
"verve-gateway" to the Audience List
While setting up your client credentials (client_id,
client_secret, etc.), include
"verve-gateway" in the aud section of your request
payload. For existing clients, please follow the existing process to request an update
on your client_id configuration to include this audience entry.
{
"aud": [
"verve-gateway",
...
]
}
Define the HTTP methods and gateway routes your client should have access to
under the api_resources section of your configuration. This step
ensures your client only interacts with authorized endpoints.
{
"api_resources": [
"rid-{{http-method}}/gateway/{{service-name}}/**"
}
Sample:
{
"api_resources": [
"rid-GET/gateway/safetoken/**",
"rid-POST/gateway/safetoken/**",
"rid-PUT/gateway/safetoken/**",
"rid-PATCH/gateway/safetoken/**",
"rid-DELETE/gateway/safetoken/**"
"rid-GET/gateway/loyalty-engine/**",
"rid-POST/gateway/loyalty-engine/**",
"rid-PUT/gateway/loyalty-engine/**",
"rid-PATCH/gateway/loyalty-engine/**",
"rid-DELETE/gateway/loyalty-engine/**"
]
}
⚠️ Important: Any API resource or HTTP method not listed in
your api_resources configuration will be denied by the Verve
Gateway access control layer. Be sure to specify all necessary routes for
your service integration.