Client ID #
Every application wishing to protect their data with AcraTranslator should provide an identifier called client ID. Based on the client ID, AcraTranslator will choose corresponding encryption keys to process client requests.
The way how application can pass client ID to AcraTranslator depends on API type: gRPC or HTTP.
gRPC API #
By default, application have to specify
client ID in every request was sent to AcraTranslator except when
--acratranslator_client_id_from_connection_enable flag used. Every type of request declared in
*.proto file has
It can be changed with
--acratranslator_client_id_from_connection_enable flag that configures AcraTranslator to
extract client ID value from incoming connections. AcraTranslator accepts only TLS connections with mutual authentication.
HTTP API #
AcraTranslator uses client ID derived from client’s certificates in TLS handshakes (mutual authentication required).
TLS certificate #
When AcraTranslator is launched with
for HTTP API or additionally with
flag, client IDs will be derived from TLS certificates provided by the client during handshake.
The exact behavior will also depend on value from
see its description for more on that.