Aegis Developer Portal

Developer Search

Press ⌘K or Ctrl+K to jump through guides and public API docs for user-owned master key and scoped credential flows.

API Reference

Aegis Platform API

Connect RPC surface for the Aegis zero-knowledge platform. Operations are tagged as `public` (integrator-facing) or `private` (internal/elevated).

This explorer lists public operations and documents the model where users control master keys while platform services enforce policy and scoped access.

Developer Home

POSTpublicIdentityGatewayServiceAuth Required

Approve MCP OAuth Device Authorization

/aegis.v1.IdentityGatewayService/ApproveMcpOauthDeviceAuthorization

Authentication

This endpoint requires a bearer access token. Use short-lived tokens and send them only in the Authorization header.

Keep tokens short-lived and rotate them frequently.
Never include tokens in query parameters or logs.
Use least-privilege scope grants for the caller.
Preserve user data ownership boundaries: authenticate and authorize access without transmitting plaintext master key material.

Security Schemes

BearerAuthscopes: token must still be policy-allowlisted.

Parameters

Name	In	Required	Description
Connect-Protocol-Version	header	yes	-
Connect-Timeout-Ms	header	no	-

Request Body (Example)

{
  "deviceCode": "string",
  "approve": true,
  "denialReason": "string"
}

Responses

200

Success

{
  "approved": true,
  "status": "string"
}

default

Error

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "type": "string",
      "value": "string",
      "debug": {}
    }
  ]
}

curl -X POST "https://aegis-consumer-api-lgbfsi3yxa-uc.a.run.app/aegis.v1.IdentityGatewayService/ApproveMcpOauthDeviceAuthorization" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <YOUR_ID_TOKEN>" \
  -H "Connect-Protocol-Version: 1" \
  -d '{
  "deviceCode": "string",
  "approve": true,
  "denialReason": "string"
}'