API Endpoint Zones

Core exposes two groups of endpoints that are intended for different network zones. Controlling which endpoints are enabled in each zone prevents management operations from being exposed to public networks.

/api — Management endpoints called by operators and internal services: organizations, cryptographic keys, credentials, and proofs. Enable only in internal network zones.
/ssi — Endpoints called by external parties such as wallets and verifiers, and by Core itself for protocol operations. Enable only in public-facing zones.

Configuration

app:
  enableManagementEndpoints: false  # true for internal zone
  enableExternalEndpoints: false    # true for public zone
httpClient:
  insecureHttpTransportAllowed: false  # true for local development only
  maxRedirects: 3

Example configurations

Local development

app:
  enableManagementEndpoints: true
  enableExternalEndpoints: true
httpClient:
  insecureHttpTransportAllowed: true
  maxRedirects: 3

Production — internal zone

app:
  enableManagementEndpoints: true
  enableExternalEndpoints: false
httpClient:
  insecureHttpTransportAllowed: false
  maxRedirects: 3

Production — public zone

app:
  enableManagementEndpoints: false
  enableExternalEndpoints: true
httpClient:
  insecureHttpTransportAllowed: false
  maxRedirects: 3

Configuration​

Example configurations​

Local development​

Production — internal zone​

Production — public zone​

Configuration

Example configurations

Local development

Production — internal zone

Production — public zone