How this service handles authentication.
Full flows: docs/architecture/auth-flows.md
Tokens This Service Accepts
| Token type | Where validated | Guard / middleware |
|---|---|---|
| (none) | N/A | N/A |
Tokens This Service Sends
| Calling | Token used | How attached |
|---|---|---|
| hbf-core | CORE_TOKEN | Bearer header (via `HBFCoreApi(config.get("core.url"), config.get("core.token"))` in `app.js`) |
Tokens This Service Issues
None.
Roles / Scopes Enforced
| Endpoint pattern | Required role |
|---|---|
| (none) | N/A |
Auth Notes
- Restify-based daemon process for broadcasting messages to Facebook, Teams, Slack, Viber, and Email.
- No auth guards detected. No queryable HTTP API with authentication.
- Internal-only service. Security relies on network-level isolation rather than token-based auth.