How It Compares
Application Api Against Cloud and Self-Hosted Authorization Platforms
Authorization With Hardware at Its Root
Cloud providers and self-hosted frameworks both handle machine-to-machine authentication — as a byproduct of their broader identity models.
The Application Api handles the same requirement with application-layer envelope encryption, a dual-key authorization model, and optional hardware-backed key storage,
in a self-hosted platform built from the ground up for environments where sovereignty is a hard requirement.
Feature
Application Api
US Cloud (AWS/Azure/GCP)
EU Cloud (OVH/Hetzner/Scaleway)
ABP Framework
Machine-to-machine authentication
✓
✓
✓
✓
Application-layer envelope encryption
✓
—
—
—
Dual-key authorization model
✓
—
—
—
Hardware security module support
✓ (YubiHSM 2)
Separate service¹
—
—
Sealed startup mode
✓
—
—
—
Official .NET client package
✓
✓
—
✓ (Native .NET)
Self-hosted
✓
—
—
✓
Unified platform management
✓
—
—
—
CLOUD Act exempt
✓
—
✓²
✓
Air-gappable
✓
—
—
✓
No third-party data custody
✓
—
—
✓
¹ US cloud providers offer hardware security module support as separately provisioned and billed services (AWS CloudHSM, Azure Dedicated HSM, GCP Cloud HSM).
² EU cloud providers (OVHcloud, Hetzner, Scaleway) are not subject to the US CLOUD Act. However, data remains on the provider's infrastructure — CLOUD Act exemption does not mean sole data custody.