Methods of Authentication
Whereas the Cordial Treasury "appliance" (the servers that host the MPC policy and MPC keys) runs inside your own infrastructure and uses cryptographic signatures (HTTP Message Signatures) to authenticate Treasury users, other components such as:
- Treasury UI (typically)
- Admin API
- Oracle API
run on Cordial infrastructure and use normal HTTP authentication methods (Bearer and Basic) to authenticate "Cordial Accounts".
Cordial Accounts are intended to link back to your organization's identity provider (e.g. Google Workspace or Microsoft Entra).
To authenticate to APIs, you can:
- send an "access token" (tied to your personal identity) as a cookie or header, or
- send an "API key" (tied to your organization) as a header
To authenticate to Treasury, you:
- send a signed HTTP request
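To show what a signed HTTP request binds that a Bearer token or API key does not, here is an added example (not Cordial's code) of signing and verifying a request in the style of HTTP Message Signatures (RFC 9421) with a Content-Digest header (RFC 9530). Assumptions: `hmac-sha256` stands in for whatever algorithm Treasury actually uses so the block runs on the standard library alone, and the covered components, key id, host and path are hypothetical.

```python
import base64, hashlib, hmac

# Components every signature must cover (assumed policy, not Cordial's documented set).
COVERED = ('@method', '@authority', '@path', 'content-digest')

def content_digest(body: bytes) -> str:
    # RFC 9530 Content-Digest value: sha-256=:<base64(SHA-256(body))>:
    return 'sha-256=:' + base64.b64encode(hashlib.sha256(body).digest()).decode() + ':'

def signature_base(method, authority, path, digest, params) -> bytes:
    # RFC 9421 signature base: one '"name": value' line per covered component,
    # then the "@signature-params" line; joined with LF, no trailing newline.
    values = {'@method': method, '@authority': authority.lower(),
              '@path': path, 'content-digest': digest}
    lines = [f'"{c}": {values[c]}' for c in COVERED]
    lines.append(f'"@signature-params": {params}')
    return '\n'.join(lines).encode()

def sign_request(key, keyid, created, method, authority, path, body):
    """Client side: return the three headers to attach to the request."""
    digest = content_digest(body)
    inner = ' '.join(f'"{c}"' for c in COVERED)
    params = f'({inner});created={created};keyid="{keyid}";alg="hmac-sha256"'
    base = signature_base(method, authority, path, digest, params)
    mac = hmac.new(key, base, hashlib.sha256).digest()
    return {'Content-Digest': digest, 'Signature-Input': 'sig1=' + params,
            'Signature': 'sig1=:' + base64.b64encode(mac).decode() + ':'}

def verify_request(key, headers, method, authority, path, body, now, max_age=300):
    """Server side: rebuild the base from the request as received and compare."""
    try:
        params = headers['Signature-Input'].removeprefix('sig1=')
        created = int(params.split(';created=')[1].split(';')[0])
        sig = headers['Signature'].removeprefix('sig1=:').removesuffix(':')
        got = base64.b64decode(sig, validate=True)
        digest = headers['Content-Digest']
    except (KeyError, IndexError, ValueError):
        return False  # missing or malformed signature headers
    if abs(now - created) > max_age:
        return False  # stale or post-dated: limits the replay window
    if digest != content_digest(body):
        return False  # body was changed after signing
    base = signature_base(method, authority, path, digest, params)
    return hmac.compare_digest(got, hmac.new(key, base, hashlib.sha256).digest())
```

A captured Bearer token or API key is valid on any request until it expires or is revoked, whereas these signature headers verify only for the exact method, host, path and body they were computed over, and only within the freshness window.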