Skip to main content
Authentication is not yet implemented. The API and runner connections are currently unauthenticated. This page describes the intended model.

API authentication

Once implemented, all calls to https://api.lynx.tetryx.io will require a bearer token: 
curl -s https://api.lynx.tetryx.io/jobs \
  -H "Authorization: Bearer <your-api-token>"
API tokens will be issued per-tenant and scoped to your organization. Contact Tetryx to be notified when authentication goes live.

Runner authentication

Runners that connect to the Lynx platform will require short-lived credentials issued per runner instance. The intended model:
  1. You provision a runner with a bootstrap credential (enrollment token, certificate, or cloud identity)
  2. The runner exchanges that credential for short-lived Lynx connection credentials
  3. Credentials are automatically refreshed before expiry — no manual rotation required
Each runner gets a unique identity. Credentials are scoped to your tenant and the runner’s declared capabilities.

Tenant isolation

All your data — jobs, batches, runners, results — is isolated to your tenant. Other tenants cannot read or affect your workloads.

Runner enrollment

See Runner Enrollment for the planned enrollment flow.