Auth: hbf-data-retention
How this service handles authentication. Full flows:
docs/architecture/auth-flows.md
Tokens This Service Accepts
| Token type | Where validated | Guard / middleware |
|---|---|---|
| (none) | N/A | N/A |
Tokens This Service Sends
| Calling | Token used | How attached |
|---|---|---|
| hbf-core (all OrganizationsClient / TenantsClient calls) | HBF_CORE_ACCESS_TOKEN as Bearer token | Passed to HBFCoreApi constructor: new HBFCoreApi(coreUrl, coreAccessToken) |
Tokens This Service Issues
None.
Roles / Scopes Enforced
| Endpoint pattern | Required role |
|---|---|
| (none) | N/A |
Auth Notes
while(true)daemon process for S3/MinIO data retention.- No HTTP API with auth guards. Internal-only service.
- Security relies on network-level isolation and IAM credentials for S3/MinIO access (not token-based HTTP auth).