Topolo Auth
Public overview of identity, service registration, API keys, and permission ownership across the platform.
What It Is
Topolo Auth is the platform identity and authorization service. It owns user auth, org membership, service registration, permissions, and centralized API key scope catalogs.
Architecture
Auth is a dedicated service with its own worker/runtime surface, D1-backed catalogs, and platform-wide responsibility for validating access context.
Runtime Surfaces
The primary Auth hostname is https://auth.topolo.app.
API Reference
Use /reference/api/topolo-auth and /reference/apps/topolo-auth for the current route families and API-oriented contract surface.
Auth and Permissions
Auth is the source of truth for service IDs, API key scopes, service permissions, and bindable resource catalogs.
Data Ownership
Auth owns the canonical API key scope catalog, resource binding catalog, service registration, and permission metadata that other apps consume.
Deployments
Auth deploys as a Cloudflare-backed runtime surface with D1-backed data catalogs and route validation.
Failure Modes
- stale user or service context
- missing service catalog rows for scopes or permissions
- mismatched service IDs between docs and Auth seeds
Debugging
Start with /systems/topolo-auth, then inspect the API and machine artifacts for the relevant service or catalog route.
Change Log / Verification
- Verified against the current Auth-backed scope and resource catalog model on 2026-03-29