search

White-Label Integration

Kape’s infrastructure and SDKs are designed to support full white-label operation. In this model you retain ownership of customer identity, authentication, billing, and subscription management, while delegating network delivery and related client capabilities to Kape. Your systems remain the system of record for users and entitlements; the SDK interacts with Kape using partner-specific domains and a trust relationship that accepts your assertions as the basis for issuing service credentials.

In a typical flow the customer signs in against your identity provider, for example via OpenID Connect, a SAML-based service, or a proprietary login. The client application receives an authentication credential from your IdP and does not send any personally identifiable information to Kape. Instead, the client contacts a validation endpoint that you operate. This endpoint verifies the presented credential, looks up the customer’s active subscription, and returns an entitlement document that describes what the customer is allowed to use. The document expresses just feature indicators and Kape's services will issue Subscription Receipt Tokens containing entitlements, which represent these features.

The SDK will be configured with a custom domain to fetch the Subscription Receipt Token.

hashtag
Staging and Production environments

From an operational perspective you will want distinct staging and production tenants, each with its own domains, signing keys, and rate limits. Staging allows you to validate changes to your entitlement schema, key rotation procedures, and SDK updates without impact on end users.

In summary, white-label integration lets you keep your customer and subscription logic exactly as it is today, while the Kape SDK converts your authenticated, signed entitlements into anonymous service credentials against partner-specific Kape domains. Your systems authenticate and authorize; the SDK performs the exchange and enforces access on the client; Kape delivers the network and platform features behind an interface that never requires exposure of your users’ identities.

hashtag
Interested in a White-Label Integration Partnership?

Please reach out to our VP, Business Development ([email protected]envelope) to begin a conversation. Please provide the following information: Company Details

  • Company Name: [Your Company Name]

hashtag
Authentication Details

  • Authentication Type: OpenID or Opaque

  • Authentication Endpoint: [Endpoint URL]

  • JWKS URL: [Applicable only if using OpenID Token Authorization]

hashtag
Server-to-Server Authentication Header for the Authentication Endpoint:

  • Header Name: e.g. Authorization / X-S2S

  • Header Value: [Secure Value - shared via secure channel, e.g., 1Password]

hashtag
Authorization Test Credentials:

  • For OpenID: [Username/Password]

  • For Opaque Token: Opaque Token for internal testing

hashtag
Implement the Authentication Endpoint

Implement the Subscription Features endpoint according to the following OpenAPI specification. The actual endpoint domain will be provided by you.

hashtag
Fetching subscription features for a customer

post

This is a server to server call to fetch subscription features for a customer from an external endpoint. This endpoint is provided by the service, which owns the subscription information of a customer.

Authorizations
AuthorizationstringRequired

An S2S Token for communication between internal services provides as an Authorization Bearer token

Body
customer_idstringOptional

The unique customer id of the user defined in the system of the subscription owner

Responses
chevron-right
200

Ok

application/json
post
/subscription_features
PreviousOverviewNextSetting up the SDK

Last updated