Digital Twin · Security
Security & access

APIs for systems, not end users

Digital Twin is never exposed to the end user. API consumers are digital channels, card and payment processors, and equivalent partners. Each consumer is an authenticated, authorized system acting on behalf of end customers.

mTLS + OAuth2
Each partner uses mutual certificates and client credentials scoped per domain.
Per-domain scopes
The ACH processor only posts ACH transactions; channels only read authorized balances.
Idempotency
Every post carries an idempotency key to prevent double-spending.
Immutable audit
Every access and transaction is recorded immutably for audit.
Trust model: partners are first-class systems. There is no end-user session in Digital Twin — the end customer's identity travels as a transaction attribute, authorized by the partner.

OpenID Connect — per-microservice authorization

Digital Twin's APIs are never exposed to the end user — only to other microservices, which in turn may be reached by third parties through the bank's own authentication, identification and access-control system. To secure those calls, Digital Twin uses OpenID Connect (for example, Keycloak) to authorize every API call.

This lets the bank control — per microservice — exactly which APIs each client may call. Each microservice authenticates against the OpenID provider and receives a token carrying its granted scopes; Digital Twin validates the token and enforces those restrictions on every request.

OpenID provider (Keycloak)
Issues tokens to each client microservice; the bank manages realms, clients and roles.
Per-API scopes
A microservice can only call the APIs granted in its token — restrictions set by the bank.
Validation on every call
Digital Twin validates the token signature, issuer and scopes before processing.
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6...

// validated claims (issued by Keycloak)
{
  "iss":   "https://id.bank.example/realms/digital-twin",
  "azp":   "ach-processor",            // calling microservice
  "scope": "tx:post:ach balances:read",  // APIs this service may call
  "exp":   1782226800
}

The call above may only post ACH transactions and read balances. Calling any API outside its scope returns 403.
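The two sections above describe one request path: the partner's token is validated (signature, issuer, expiry), its scopes are checked against the API being called, and a POST is only applied once per idempotency key. The following Python is an added example written for this page, not Digital Twin's own code. The page's token is RS256 issued by Keycloak and would be verified against the realm's JWKS with a JWT library; this example signs and verifies with HS256 and a constructed shared secret so that it runs with the standard library alone. The route table, paths and the `Ledger` class are assumptions; the issuer, `azp` and scope strings are the ones shown in the claims above.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. A deployment would verify the RS256 token against
# Keycloak's JWKS with a JWT library; HS256 with a shared secret is used here
# only so the example is self-contained.
DEMO_KEY = b"constructed-demo-secret-do-not-reuse"
EXPECTED_ISS = "https://id.bank.example/realms/digital-twin"

# Hypothetical route table: (method, path) -> scope required. Scope names are
# the ones on the page; the paths are assumptions.
ROUTE_SCOPES = {
    ("POST", "/transactions/ach"): "tx:post:ach",
    ("POST", "/transactions/card"): "tx:post:card",
    ("GET", "/balances"): "balances:read",
}


class AuthError(Exception):
    status = 401  # malformed, unsigned, wrong issuer or expired token


class Forbidden(Exception):
    status = 403  # valid token, but no scope for this API


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Stand-in for the OpenID provider: sign a claims set as an HS256 JWT."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_token(token: str, key: bytes = DEMO_KEY, now=None) -> dict:
    """Check signature, then issuer, then expiry; return claims only if all pass."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust 'alg' from the token
        raise AuthError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise AuthError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISS:
        raise AuthError("wrong issuer")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise AuthError("token expired")
    return claims


def authorize(claims: dict, method: str, path: str) -> str:
    """Deny by default: the route must be registered and its scope present in the token."""
    required = ROUTE_SCOPES.get((method, path))
    if required is None:
        raise Forbidden(f"no API registered for {method} {path}")
    if required not in claims.get("scope", "").split():
        raise Forbidden(f"{claims.get('azp')} lacks scope {required}")
    return required


class Ledger:
    """Minimal request handler: authenticate, authorize, then post idempotently."""

    def __init__(self):
        self.posted = {}  # idempotency key -> response already returned for it

    def handle(self, token, method, path, body=None, idempotency_key=None, now=None):
        try:
            claims = validate_token(token, now=now)
            authorize(claims, method, path)
        except (AuthError, Forbidden) as err:
            return err.status, {"error": str(err)}
        if method == "POST":
            if not idempotency_key:
                return 400, {"error": "Idempotency-Key header required"}
            if idempotency_key in self.posted:
                # Retry of a request already applied: return the stored result, post nothing.
                return 200, self.posted[idempotency_key]
            result = {"posted": body, "by": claims["azp"], "id": len(self.posted) + 1}
            self.posted[idempotency_key] = result
            return 201, result
        return 200, {"note": f"{claims['azp']} read {path}"}


if __name__ == "__main__":
    claims = {"iss": EXPECTED_ISS, "azp": "ach-processor",
              "scope": "tx:post:ach balances:read", "exp": 1782226800}
    ledger, tok, now = Ledger(), mint_token(claims), 1782226000
    print(ledger.handle(tok, "POST", "/transactions/ach", {"amount": "10.00"}, "key-1", now))
    print(ledger.handle(tok, "POST", "/transactions/ach", {"amount": "10.00"}, "key-1", now))
    print(ledger.handle(tok, "POST", "/transactions/card", {}, "key-2", now))
```

Order matters in `validate_token`: the signature is checked before any claim is read, so issuer and expiry decisions are only ever made on authenticated data, and the algorithm is pinned by the verifier rather than taken from the token header. The idempotency store keeps the original response so a retried POST returns the same result with 200 instead of creating a second transaction.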
