Principal Types
Breezy authorization uses a principal with three parts:
- actor: who is performing the action
- subject: who or what the action is for
- scope: the tenant or system boundary
User JWT
User JWTs normally resolve to a user actor, user subject, and tenant scope. They can perform user-only actions such as API key management.
Service API Key
API keys resolve to a service actor, tenant subject, and tenant scope. They are appropriate for automation but intentionally cannot manage API keys.
Staff Token
Staff tokens are internal support credentials. Staff-only and admin procedures are excluded from the public OpenAPI artifact.
See: packages/backend/src/application/types/principal.ts
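
The user JWT and service API key rules above, sketched as an added TypeScript example (not Breezy's own code, and not the contents of principal.ts). The type shapes, the action names `apiKey.manage` and `report.read`, and the tenant-match check are assumptions; staff tokens are left out because the page does not say what they resolve to.

```typescript
// Added illustration: every type, field and action name here is hypothetical.
type Actor =
  | { kind: "user"; userId: string }
  | { kind: "service"; keyId: string };
type Subject =
  | { kind: "user"; userId: string }
  | { kind: "tenant"; tenantId: string };
type Scope = { kind: "tenant"; tenantId: string } | { kind: "system" };
interface Principal { actor: Actor; subject: Subject; scope: Scope }

// Constructed credential shapes, assumed already verified (signature, expiry).
type Credential =
  | { type: "user_jwt"; userId: string; tenantId: string }
  | { type: "api_key"; keyId: string; tenantId: string };

function resolvePrincipal(c: Credential): Principal {
  const scope: Scope = { kind: "tenant", tenantId: c.tenantId };
  if (c.type === "user_jwt") {
    // User JWT -> user actor, user subject, tenant scope
    const who = { kind: "user" as const, userId: c.userId };
    return { actor: who, subject: { ...who }, scope };
  }
  // API key -> service actor, tenant subject, tenant scope
  return {
    actor: { kind: "service", keyId: c.keyId },
    subject: { kind: "tenant", tenantId: c.tenantId },
    scope,
  };
}

type Action = "apiKey.manage" | "report.read";
const USER_ONLY: readonly Action[] = ["apiKey.manage"];
interface Decision { allowed: boolean; reason: string }

function authorize(p: Principal, action: Action, resourceTenantId: string): Decision {
  // Assumed boundary rule, fail closed: only a tenant scope that matches the
  // resource's tenant passes. System scope is not modelled here and is denied.
  if (p.scope.kind !== "tenant" || p.scope.tenantId !== resourceTenantId) {
    return { allowed: false, reason: "scope_mismatch" };
  }
  // User-only actions check the actor, so an API key is refused even inside
  // its own tenant.
  if (USER_ONLY.indexOf(action) !== -1 && p.actor.kind !== "user") {
    return { allowed: false, reason: "user_actor_required" };
  }
  return { allowed: true, reason: "ok" };
}
```

Checking the actor kind rather than the tenant is what keeps a leaked automation key from minting further keys.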