Digital Identity Infrastructure API
HSM-Backed Cryptographic Identity (status: Operational)

Hardware-secured ECDSA P-384 key pairs, identity lifecycle management, and cryptographic verification — built for zero-trust architectures.

HSM Proxy
Key Algorithm: P-384
Digest: SHA-384
Status: Live
POST  /v1/identities                Create identity + HSM key pair
GET   /v1/identities/{id}           Retrieve identity & public key
POST  /v1/identities/{id}/suspend   Suspend identity (reversible)
POST  /v1/identities/{id}/revoke    Revoke identity + destroy key
GET   /healthz                      Service health check
# Create a new identity with HSM-backed key pair
curl -X POST https://rid.deploymt.com/v1/identities \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{"display_name": "My First Identity"}'

# Response includes ECDSA P-384 public key
{
  "id": "4bd2ad72-...",
  "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMHYw...",
  "key_algorithm": "ECDSA_P384_SHA384",
  "status": "active"
}
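The response above hands the client only the public key and the algorithm name. As an added example (not code from this page or from the rid-core project), here is how a relying party in Go would parse that JSON, check that the key really is ECDSA on P-384, and verify a SHA-384 ECDSA signature with it. The page lists no signing endpoint, so the signing side is a local stand-in for the HSM, constructed so the example runs offline; the identity id in it is a placeholder, and the function names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
)

// IdentityResponse mirrors the JSON fields of the create/retrieve identity responses.
type IdentityResponse struct {
	ID           string `json:"id"`
	PublicKeyPEM string `json:"public_key_pem"`
	KeyAlgorithm string `json:"key_algorithm"`
	Status       string `json:"status"`
}

// ParseIdentityResponse decodes a response body such as the one returned by GET /v1/identities/{id}.
func ParseIdentityResponse(body []byte) (IdentityResponse, error) {
	var r IdentityResponse
	err := json.Unmarshal(body, &r)
	return r, err
}

// ParseP384PublicKey decodes public_key_pem and rejects anything that is not ECDSA on P-384,
// so a relying party never silently verifies against a different key type or a weaker curve.
func ParseP384PublicKey(pemText string) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode([]byte(pemText))
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("public_key_pem is not a PEM PUBLIC KEY block")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok || ecPub.Curve != elliptic.P384() {
		return nil, errors.New("key is not ECDSA on P-384")
	}
	return ecPub, nil
}

// VerifyIdentitySignature checks a DER-encoded ECDSA signature over msg against the identity's key.
// It refuses identities that are not active or that advertise an algorithm other than ECDSA_P384_SHA384.
func VerifyIdentitySignature(resp IdentityResponse, msg, sig []byte) (bool, error) {
	if resp.Status != "active" {
		return false, fmt.Errorf("identity %s is %q, not active", resp.ID, resp.Status)
	}
	if resp.KeyAlgorithm != "ECDSA_P384_SHA384" {
		return false, fmt.Errorf("unexpected key_algorithm %q", resp.KeyAlgorithm)
	}
	pub, err := ParseP384PublicKey(resp.PublicKeyPEM)
	if err != nil {
		return false, err
	}
	digest := sha512.Sum384(msg) // SHA-384, as the advertised algorithm requires
	return ecdsa.VerifyASN1(pub, digest[:], sig), nil
}

// FakeHSMIdentity stands in for the HSM proxy so the example runs offline: it generates a P-384 key
// in memory, returns a JSON body shaped like the API response, and a closure that signs with the
// private key (which in the real system never leaves the HSM). Constructed for this example only.
func FakeHSMIdentity(status string) ([]byte, func([]byte) ([]byte, error), error) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	body, err := json.Marshal(IdentityResponse{
		ID:           "00000000-0000-0000-0000-000000000000", // placeholder id, not a real identity
		PublicKeyPEM: string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})),
		KeyAlgorithm: "ECDSA_P384_SHA384",
		Status:       status,
	})
	sign := func(msg []byte) ([]byte, error) {
		digest := sha512.Sum384(msg)
		return ecdsa.SignASN1(rand.Reader, priv, digest[:])
	}
	return body, sign, err
}

func main() {
	body, sign, err := FakeHSMIdentity("active")
	if err != nil {
		panic(err)
	}
	resp, _ := ParseIdentityResponse(body)
	msg := []byte("example message")
	sig, _ := sign(msg)
	ok, err := VerifyIdentitySignature(resp, msg, sig)
	fmt.Println("genuine message verifies:", ok, err)
	ok, err = VerifyIdentitySignature(resp, []byte("tampered"), sig)
	fmt.Println("tampered message verifies:", ok, err)
}
```

The status and algorithm checks come before any cryptography on purpose: a suspended or revoked identity must fail closed even if a previously issued signature would still verify mathematically, and pinning the algorithm string stops a relying party from accepting a key that was substituted for a different curve.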
Architecture
  Client      REST / HTTPS
  rid-core    Go API Server
  HSM Proxy   Rust / P-384
  PostgreSQL  Identity Store
HSM Key Boundary
Private keys never leave the HSM. Only public keys and signatures cross the boundary.

Compensating Transactions
If the DB insert fails after key generation, the HSM key is automatically destroyed.

Full Audit Trail
Every identity operation is recorded with actor, timestamp, and event details.

Cryptographic Revocation
Revoking an identity destroys the HSM key, so the identity cannot be recovered.

Zero-Trust Network
A NetworkPolicy restricts HSM proxy access to rid-core only.

Bearer Token Auth
Every request is authenticated; mTLS in the production deployment.
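The compensating-transaction, audit-trail and cryptographic-revocation points above describe one server-side pattern: create the key, persist the identity, and undo the key creation if persistence fails. As an added example (not rid-core's code), here is that pattern in Go with the HSM proxy and the database replaced by in-memory fakes constructed for the example, so it runs offline. The function fields, event names and key/identity ids are the example's own assumptions, including the branch for the case where the compensating destroy itself fails.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Identity is the row stored in PostgreSQL; KeyID names the private key held inside the HSM.
type Identity struct{ ID, DisplayName, KeyID, PublicKeyPEM, Status string }

// AuditEvent is one audit-trail entry: actor, timestamp, event, affected identity and details.
type AuditEvent struct {
	Actor, Event, IdentityID, Details string
	At                                 time.Time
}

// IdentityService takes its two external dependencies as functions so fakes can be swapped in;
// the real service would hold an HSM-proxy client and a database handle (assumption).
type IdentityService struct {
	GenerateKey func() (keyID, publicKeyPEM string, err error) // HSM proxy: create a P-384 key
	DestroyKey  func(keyID string) error                       // HSM proxy: destroy a key
	Insert      func(Identity) error                           // database insert
	Audit       []AuditEvent                                   // append-only audit trail
	seq         int
}

func (s *IdentityService) record(actor, event, identityID, details string) {
	s.Audit = append(s.Audit, AuditEvent{Actor: actor, Event: event, IdentityID: identityID, Details: details, At: time.Now()})
}

// CreateIdentity generates the HSM key first and then persists the identity. If the insert
// fails, the key would be orphaned inside the HSM, so it is destroyed as the compensating step.
func (s *IdentityService) CreateIdentity(actor, displayName string) (*Identity, error) {
	keyID, pubPEM, err := s.GenerateKey()
	if err != nil {
		return nil, err
	}
	s.seq++
	id := Identity{ID: fmt.Sprintf("identity-%d", s.seq), DisplayName: displayName, KeyID: keyID, PublicKeyPEM: pubPEM, Status: "active"}
	if err := s.Insert(id); err != nil {
		if derr := s.DestroyKey(keyID); derr != nil {
			// Both steps failed: record it so an operator can remove the orphaned key by hand.
			s.record(actor, "identity.create_compensation_failed", id.ID, "key "+keyID+": "+derr.Error())
			return nil, fmt.Errorf("%v; destroying orphaned key %s also failed: %w", err, keyID, derr)
		}
		s.record(actor, "identity.create_compensated", id.ID, "db: "+err.Error()+"; key "+keyID+" destroyed")
		return nil, err
	}
	s.record(actor, "identity.created", id.ID, "key "+keyID)
	return &id, nil
}

// Revoke is final: the HSM key is destroyed before the status changes, so no further signature
// can be produced. (Suspend, by contrast, only flips Status and leaves the key in place.)
func (s *IdentityService) Revoke(actor string, id *Identity) error {
	if err := s.DestroyKey(id.KeyID); err != nil {
		return err
	}
	id.Status = "revoked"
	s.record(actor, "identity.revoked", id.ID, "key "+id.KeyID+" destroyed")
	return nil
}

// NewExampleService builds the service on in-memory fakes (constructed for this example only):
// a set of live HSM keys and a "database" whose first insert fails on request.
func NewExampleService(failFirstInsert bool) (*IdentityService, map[string]bool) {
	hsmKeys := map[string]bool{}
	n := 0
	s := &IdentityService{}
	s.GenerateKey = func() (string, string, error) {
		n++
		k := fmt.Sprintf("hsm-key-%d", n)
		hsmKeys[k] = true
		return k, "-----BEGIN PUBLIC KEY-----\n(example)\n-----END PUBLIC KEY-----\n", nil
	}
	s.DestroyKey = func(k string) error {
		if !hsmKeys[k] {
			return errors.New("no such key")
		}
		delete(hsmKeys, k)
		return nil
	}
	s.Insert = func(id Identity) error {
		if failFirstInsert {
			failFirstInsert = false
			return errors.New("connection reset") // simulated database failure
		}
		return nil // a real store would write the row here
	}
	return s, hsmKeys
}

func main() {
	svc, hsmKeys := NewExampleService(true)
	_, err := svc.CreateIdentity("alice", "My First Identity")
	fmt.Println("first create:", err, "| keys left in HSM:", len(hsmKeys))
	id, _ := svc.CreateIdentity("alice", "My First Identity")
	_ = svc.Revoke("alice", id)
	for _, e := range svc.Audit {
		fmt.Println(e.At.Format(time.RFC3339), e.Event, e.Actor, e.IdentityID, e.Details)
	}
}
```

The order of operations in Revoke matters: the key is destroyed first, so if the status update fails the identity is at worst marked active while already unable to sign, never the reverse. The compensation branch records a distinct audit event when the destroy fails, which is the signal an operator needs to find keys that exist in the HSM without a matching identity row.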