Federation Model

Kiket extensions run wherever you deploy them. Federation keeps your infrastructure under your control while ensuring secure interoperability with Kiket.

Responsibilities

  • Kiket – Authenticates users, manages extension installations, signs webhooks, and exposes APIs.
  • You – Host HTTP endpoints, manage scaling, secure secrets, and implement business logic.

Communication Flow

  1. Organization installs the extension by referencing a manifest stored in Git.
  2. Kiket issues an API key scoped to the project and to the permissions listed in the manifest.
  3. Events trigger webhooks to your endpoint; payloads include metadata and HMAC signatures.
  4. Your service responds (200/204). Retries happen on non-2xx responses or timeouts.
  5. Optional: your service calls Kiket’s REST API using the provided API key.

Security Features

  • HMAC signatures using SHA-256 and a per-installation secret stored encrypted in Kiket.
  • API keys tied to scopes (e.g., read:issues, write:comments).
  • Webhook IP allowlists available for organizations that want to restrict ingress.
  • Audit logs capture every installation, secret rotation, and manifest update.
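
An added example, not Kiket's own code, of how an extension endpoint could check the HMAC-SHA256 webhook signature before acting on a payload. It assumes the signature is a hex digest over the raw request body and that your HTTP framework hands you the header value; the function names, sample secret and payload are constructed, and accepting the previous secret during a rotation window is this example's choice.

```python
import hashlib
import hmac
from typing import Optional, Sequence

# Constructed sample values, for illustration only.
CONSTRUCTED_SECRET = b"constructed-installation-secret"
CONSTRUCTED_BODY = b'{"event":"issue.created","id":1}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body (encoding and signed content are assumptions)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, received: Optional[str]) -> bool:
    """True only if `received` is a well-formed digest matching the raw bytes."""
    if not received:
        return False
    received = received.strip().lower()
    # Reject malformed values up front: SHA-256 in hex is exactly 64 characters.
    if len(received) != 64 or any(c not in "0123456789abcdef" for c in received):
        return False
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(sign(secret, raw_body), received)


def handle_delivery(secrets: Sequence[bytes], raw_body: bytes,
                    received: Optional[str]) -> int:
    """Return the HTTP status for one delivery.

    `secrets` holds the current per-installation secret and, during a
    rotation window, the previous one. Verify against the bytes as
    received: parsing and re-serialising JSON first changes the digest.
    """
    if any(verify_signature(s, raw_body, received) for s in secrets):
        # Business logic runs only after verification succeeds.
        return 204
    # A non-2xx response; per the flow above, such deliveries are retried.
    return 401


if __name__ == "__main__":
    good = sign(CONSTRUCTED_SECRET, CONSTRUCTED_BODY)
    print(handle_delivery([CONSTRUCTED_SECRET], CONSTRUCTED_BODY, good))
    print(handle_delivery([CONSTRUCTED_SECRET], CONSTRUCTED_BODY + b" ", good))
```
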

Multi-Environment Support

  • Use manifest environments to provide different endpoints (dev/staging/prod).
  • Projects can override environment selection in the UI.

Best Practices

  • Deploy extensions close to Kiket’s region to reduce latency.
  • Store configuration secrets in your infrastructure; Kiket only stores metadata and encryption-wrapped values you provide.
  • Rotate API keys periodically and redeploy manifests with new versions to enforce upgrades.

Federation keeps Kiket flexible: bring your own stack, language, and hosting provider.