Authorization - Veryfront

Conversation flows cross user, service, and project boundaries. User-scoped calls use bearer auth. Project-scoped operations also check membership, role, and resource access.

Boundaries

Boundary	Check
Studio to API	Bearer auth, then conversation or project permissions.
SSE run stream	Conversation access before replay or follow.
Project event notifications	Project access before subscription.
Studio to hosted agent	Bearer token authentication.
Hosted agent to API	Forwarded bearer token for project and conversation operations.
API to project resources	Project permissions and resource-specific access checks.

Rule

Use bearer auth for user-scoped API and agent calls. Veryfront applies project permission checks before exposing conversation, run, and event data.

Events and streaming Connect an agent

​Boundaries

​Rule

Boundaries

Rule