Tokens Api
Temporary Tokens for Permanent Trust
Features
  • Token Issuance: Issue short-lived, opaque tokens for any user-facing confirmation workflow โ€” email verification, password resets, account activations, and similar identity transactions.
  • Configurable Lifetime: Each token's expiration window is set at creation time in minutes, matched to the risk profile of the use case.
  • IP Address Binding: Tokens are bound to the requesting IP address. Validation from a different origin fails.
  • Application-Defined Types: Owner identifiers and token types are defined by the calling application. The platform manages the lifecycle; the application assigns meaning.
  • Full Lifecycle Operations: Create, Validate, Get, and Delete operations cover the complete token lifecycle.
  • Server-Side Revocation: Tokens carry no payload and exist only on the server. Revoke one and it ceases to exist immediately, with no waiting for expiry.
  • Authorization-Enforced Access: Every request to the Tokens Api is validated by the Application Api. A service must be registered and authorized before it can create or consume tokens.
How It Compares
No Cloud Service Offers This Primitive
One API Call Instead of an Infrastructure Problem
Every application that needs confirmation links, password resets, or time-limited identity transactions must solve the same set of problems. No cloud provider offers a native token primitive for this pattern. This is the engineering the Tokens Api handles โ€” and what you are left with otherwise.
Capability
Tokens Api
US Cloud (AWS/Azure/GCP)
EU Cloud (OVH/Hetzner/Scaleway)
ABP Framework
Opaque token generation
Configurable expiry
IP address binding
Server-side revocation
Application-defined owner types
Multi-category token workflows
Secure validation endpoint
Database schema and migrations
Envelope encryption
Authorization enforcement
CLOUD Act exempt
✓¹
Air-gappable
No third-party data custody
ยน EU cloud providers (OVHcloud, Hetzner, Scaleway) are not subject to the US CLOUD Act. However, data remains on the provider's infrastructure โ€” CLOUD Act exemption does not mean sole data custody.
Tech Sovereignty
Arch
Company
About Contact