Authorization for Admin API of Kratos (M2M authorization)


I’m rather new to the whole identity management and security, so please be patient with me if this question is stupid.

Usually, there are some authorization steps done (e.g. via tokens) when communicating with an API and in our setup we definitely need that. We don’t want to fully rely on just securing the network within our Kubernetes cluster.

So are there possibilities to do that? And to authorize write and read access separately for example? I am pretty sure that Kratos has a similar feature, but I couldn’t find it in the docs.

Thank you for your help!

If you use something like ORY Oathkeeper in front of ORY Kratos then you would be able to expose the ORY Kratos Admin APIs to the public internet 🙂

I will have a look at Oathkeeper then! This can certainly be a workaround for managing internal accounts for the admin section… Thanks!
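As an added illustration of the Oathkeeper suggestion above (this is not configuration from the thread or from the ORY project, and the hostnames, port, paths, issuer, JWKS URL and scope names are assumptions), here is a pair of Oathkeeper access rules that gate the Kratos Admin API behind a JWT and split read access from write access by requiring different scopes per HTTP method:

```yaml
# Added example: ORY Oathkeeper access rules placed in front of the Kratos Admin API.
# Assumptions (not from the thread): Kratos admin listens on http://kratos-admin:4434,
# the identities endpoint is /admin/identities, clients present a JWT issued by
# https://issuer.example (placeholder) whose JWKS is served at the URL below, and the
# tokens carry the scopes "kratos.admin.read" and/or "kratos.admin.write".

# Read-only access: GET requests need the read scope.
- id: "kratos-admin-read"
  upstream:
    url: "http://kratos-admin:4434"
  match:
    url: "http://kratos-admin.example/admin/identities<.*>"
    methods:
      - GET
  authenticators:
    - handler: jwt
      config:
        jwks_urls:
          - "https://issuer.example/.well-known/jwks.json"
        trusted_issuers:
          - "https://issuer.example"
        scope_strategy: exact
        required_scope:
          - "kratos.admin.read"
  authorizer:
    handler: allow
  mutators:
    - handler: noop

# Write access: mutating methods need the write scope, issued to fewer clients.
- id: "kratos-admin-write"
  upstream:
    url: "http://kratos-admin:4434"
  match:
    url: "http://kratos-admin.example/admin/identities<.*>"
    methods:
      - POST
      - PUT
      - PATCH
      - DELETE
  authenticators:
    - handler: jwt
      config:
        jwks_urls:
          - "https://issuer.example/.well-known/jwks.json"
        trusted_issuers:
          - "https://issuer.example"
        scope_strategy: exact
        required_scope:
          - "kratos.admin.write"
  authorizer:
    handler: allow
  mutators:
    - handler: noop
```

Because Oathkeeper matches on method as well as URL, a token holding only `kratos.admin.read` is rejected on the write rule before the request ever reaches Kratos, which gives the separate read/write authorization the question asks about. The Kratos admin port itself should stay reachable only from Oathkeeper (for example via a NetworkPolicy), so the rules are the sole path in; the `allow` authorizer is enough here because the scope check is already done by the `jwt` authenticator.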