Authentication
OAuth2 Client Credentials
# 1. Obtain token
curl -X POST https://auth.cdp.internal/oauth/token \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "scope=profile:read segment:read"
# 2. Use token
curl -H "Authorization: Bearer {token}" \
https://api.cdp.internal/v1/segments
Scopes
| Scope | Permissions |
|---|---|
profile:read | Read profile data (requires consent check) |
segment:read | List and read segments |
segment:write | Create and modify segments |
pipeline:read | View pipeline configurations |
pipeline:write | Create and deploy pipelines |
consent:manage | Update consent preferences |
dsar:process | Process data subject requests |
admin | Full platform access |
Service-to-Service Auth
Internal services use mTLS with certificates managed by HashiCorp Vault.