DX

DX Trust Hub

Slava Hanzin, Dhevi Kandasamy

4 min read
DX Trust Hub
Photo by Cytonn Photography / Unsplash

At DigitalRealty, our APIs are the backbone of our digital services. You build with them, you rely on them, and you expect them to be secure and easy to use. But the reality of many different APIs means navigating many different access rules, credentials, and user contexts. This creates friction and risks.

That is where the DX TrustHub comes in. It is a vital part of our DX project. Think of TrustHub as the Single Sign-On (SSO) for our APIs. It simplifies how your applications gain access, providing a single, consistent way to authenticate across our entire API ecosystem.

The Problem: API Authentication Headaches

When you develop with APIs, you often run into these challenges:

  • Credential Fatigue: Your applications need to manage a unique set of credentials for each API they interact with.
  • Time-Consuming Setup: Getting an application authorized for a new API often means learning a new authentication flow and managing a new type of token.
  • Complex Integration: Building the logic for each API's specific authentication into your application takes effort and introduces potential errors.

DX TrustHub: Your Gateway to Consistent API Authentication

The DX TrustHub centralizes API authentication. It means your applications "log in once" to the DX ecosystem. TrustHub then handles all the complex, API-specific authentication details for you.

Single Sign-On (SSO) for APIs: Just as Single Sign-On lets a user log into multiple applications with one set of credentials, TrustHub allows an application to authenticate to many different APIs with one set of credentials from the DX Gateway. TrustHub translates that single authentication into the specific requirements of each individual backend API.

Here is how it works: When your application sends a request through the DX Gateway using its DX Gateway credentials (client_id, client_secret), the DX Gateway directs it to TrustHub. TrustHub then takes these general credentials and does two main things:

  1. Authenticates You: It verifies your application's identity within the DX ecosystem.
  2. Acquires API-Specific Authorization: TrustHub obtains the exact credentials (e.g., an OAuth token, an API key, a specific role context) that the target backend API expects.

This means the backend API receives exactly what it needs, but your application only ever provided a single credential.

1. Simplified Integration: You Use One Credential, TrustHub Handles the Rest

You no longer need to worry about the unique authentication methods for every single API.

  • Seamless Access: Your applications present their DX Gateway credentials. TrustHub takes care of translating that into the correct authentication for the specific API you are calling.
  • Reduced Development Effort: You can remove complex, API-specific authentication logic from your applications. This saves development time and reduces potential errors.

2. Comprehensive Identity Lifecycle Management

TrustHub is a cornerstone of our complete identity lifecycle solution for users, organizations, and machine-to-machine (M2M) service accounts.

  • Internal and External User Support: We support registration and lifecycle management for internal users, including domain whitelisting. TrustHub also enables the onboarding of external users from existing identity providers (IdPs).
  • Organization and Permissions Management: You can create organizations, assign roles, and manage permissions directly through the DX Portal, all supported by TrustHub's identity layer.
  • Automated M2M Accounts: TrustHub supports the automatic creation and synchronization of machine-to-machine applications for seamless service integrations.
  • Full Lifecycle Control: We handle user suspension, deletion, and rollback scenarios with complete downstream cleanup, ensuring robust identity governance.

3. Advanced Authentication and Federation

TrustHub underpins a unified authentication and federation layer that connects DXM to multiple existing DLR identity providers.

  • Unified Authentication: TrustHub implements a unified authentication and federation layer, connecting DXM to multiple existing DLR identity providers.
  • Federated User Support: In cases where DXM does not directly manage user accounts, TrustHub enables authentication and authorization for these federated users.
  • Platform-wide Single Sign-On: This layer enables single sign-on across the entire DXM platform.
  • Standardized Onboarding: We provide standardized templates and flows for onboarding new organizations or partners via federation.
  • Extensible Design: TrustHub's structure allows for future integrations with new identity providers, adapting to evolving needs.

4. Enriched Identity: Context for Smart Decisions

TrustHub does more than just authenticate; it builds a rich context around every API request.

Attribute Enrichment: TrustHub collects detailed information – or "attributes" – about your application or the user behind it. This data comes from our DLR SSO, Global User Management (GUM), DX SSO, and the DX Portal, including your organization's rights and permissions. TrustHub then provides this full context to the DX Policy Engine.

This rich, verified data is TrustHub's key output. It feeds into our DX Policy Engine (via the DX Gateway). It means that security policies, like rate limits or specific endpoint access, can be applied with extreme precision. Policies can be based on who you are, your role, your customer tier, and many other relevant factors.

5. Faster Onboarding and Development

Without TrustHub, getting an application authorized for a new API often means a manual process of requesting specific roles or credentials from the API owner.

  • Streamlined Access: TrustHub's centralized approach means you no longer need to navigate these individual API onboarding processes for authentication.
  • Accelerated Projects: This significantly speeds up the time it takes to get new applications and integrations up and running with our APIs.

DX TrustHub: Connecting You Securely and Smartly

The DX TrustHub is a foundational service within DigitalRealty. It makes your API interactions simpler, more secure, and more intelligent. It frees you from dealing with complex authentication and gives our systems the rich data they need to make precise, context-aware decisions.

TrustHub connects your identity to your actions, ensuring that you get seamless access while maintaining the highest security and compliance standards across all DigitalRealty APIs.