What is NVM ID?
NVM ID is Nevermined’s identity and access management system that handles authentication, authorization, and user management across the platform. It provides the security layer that ensures only authorized users can access AI services.Current Implementation
API Key Authentication
Builders authenticate using Nevermined API keys:Bearer Token Access
Subscribers receive bearer tokens for API access:Key Components
API Keys
Master keys for builders and developers
Access Tokens
JWT tokens for API authentication
Plan Validation
Ensures users have active subscriptions
Request Signing
Cryptographic request validation
Authentication Flow
Current Features
For Builders
- API key generation and management
- Session management
- Usage analytics access
For Subscribers
- Wallet-based authentication
- Access token generation
- Multi-plan management
Planned Features
The following features are planned for future releases:
Enhanced Identity Management
- User profiles with metadata
- Multi-factor authentication
- Social login integration
- Enterprise SSO support
Advanced Access Control
- Role-based permissions
- Fine-grained access policies
- API rate limiting per user
- Geographic restrictions
Compliance Features
- KYC/AML integration
- Age verification
- Data privacy controls
- Audit logging
Integration Points
With NVM Pay
- Links identity to payment plans
- Validates subscription status
- Tracks usage per user
With AI Agents
- Authenticates API requests
- Enforces access policies
- Provides user context
Security Considerations
API Key Security
API Key Security
- Store keys in environment variables
- Rotate keys regularly
- Never expose in client code
- Use separate keys for dev/prod
Token Management
Token Management
- Tokens expire automatically
- Refresh tokens not yet implemented
- Validate on every request
- Handle expiration gracefully
Best Practices
Best Practices
- Use HTTPS for all requests
- Implement request timeouts
- Log security events
- Monitor for anomalies
Coming Soon
- Detailed API documentation
- User management dashboard
- Advanced authentication methods
- Compliance toolkit
- Enterprise features