White-Label Integration
Kape’s infrastructure and SDKs are designed to support full white-label operation. In this model you retain ownership of customer identity, authentication, billing, and subscription management, while delegating network delivery and related client capabilities to Kape. Your systems remain the system of record for users and entitlements; the SDK interacts with Kape using partner-specific domains and a trust relationship that accepts your assertions as the basis for issuing service credentials.
In a typical flow the customer signs in against your identity provider, for example via OpenID Connect, a SAML-based service, or a proprietary login. The client application receives an authentication credential from your IdP and does not send any personally identifiable information to Kape. Instead, the client contacts a validation endpoint that you operate. This endpoint verifies the presented credential, looks up the customer’s active subscription, and returns an entitlement document that describes what the customer is allowed to use. The document expresses only feature indicators; Kape's services then issue Subscription Receipt Tokens containing entitlements that represent these features.
The SDK will be configured with a custom domain to fetch the Subscription Receipt Token.
Staging and Production environments
From an operational perspective you will want distinct staging and production tenants, each with its own domains, signing keys, and rate limits. Staging allows you to validate changes to your entitlement schema, key rotation procedures, and SDK updates without impact on end users.
In summary, white-label integration lets you keep your customer and subscription logic exactly as it is today, while the Kape SDK converts your authenticated, signed entitlements into anonymous service credentials against partner-specific Kape domains. Your systems authenticate and authorize; the SDK performs the exchange and enforces access on the client; Kape delivers the network and platform features behind an interface that never requires exposure of your users’ identities.
Interested in a White-Label Integration Partnership?
Please reach out to our VP, Business Development ([email protected]) to begin a conversation. Please provide the following information:
Company Details
Company Name: [Your Company Name]
Authentication Details
Authentication Type: OpenID or Opaque
Authentication Endpoint: [Endpoint URL]
JWKS URL: [Applicable only if using OpenID Token Authorization]
Server-to-Server Authentication Header for the Authentication Endpoint:
Header Name: e.g. Authorization/X-S2S
Header Value: [Secure Value - shared via secure channel, e.g., 1Password]
Authorization Test Credentials:
For OpenID: [Username/Password]
For Opaque Token: Opaque Token for internal testing
Implement the Authentication Endpoint
Implement the Subscription Features endpoint according to the following OpenAPI specification. The actual endpoint domain will be provided by you.
This is a server-to-server call to fetch subscription features for a customer from an external endpoint. The endpoint is provided by the service that owns the customer's subscription information.
An S2S token for communication between internal services, provided as an Authorization Bearer token
The unique customer id of the user defined in the system of the subscription owner
Ok
Authorization header is missing
Customer could not be resolved
Rate limited
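A sketch of the partner-side handler for this server-to-server call, added here as an example and not taken from Kape's specification or SDK. The HTTP status codes, the "features" field name, the token value, the customer ids and the rate-limit numbers are assumptions, since the page lists only the response descriptions.

```python
import hmac
import time

# Constructed sample data: the S2S secret, customer ids and feature names are assumptions.
S2S_TOKEN = "example-s2s-secret"
SUBSCRIPTIONS = {"cust-1001": ["vpn", "dedicated_ip"], "cust-1002": []}
RATE_LIMIT = 3          # requests allowed per window (assumed value)
WINDOW_SECONDS = 60
_hits = {}              # caller key -> timestamps of recent requests


def _rate_limited(key, now):
    """Sliding-window limiter: True when the caller has used up the window."""
    recent = [t for t in _hits.get(key, []) if now - t < WINDOW_SECONDS]
    limited = len(recent) >= RATE_LIMIT
    if not limited:
        recent.append(now)
    _hits[key] = recent
    return limited


def subscription_features(headers, customer_id, now=None):
    """Return (status, body) for one server-to-server features request."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth:
        return 401, {"error": "Authorization header is missing"}
    scheme, _, token = auth.partition(" ")
    # Constant-time comparison so response timing does not leak the secret.
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            token.encode(), S2S_TOKEN.encode()):
        return 401, {"error": "invalid S2S token"}
    if _rate_limited("s2s-caller", now):
        return 429, {"error": "Rate limited"}
    features = SUBSCRIPTIONS.get(customer_id)
    if features is None:
        return 404, {"error": "Customer could not be resolved"}
    # Only feature indicators leave this service: no name, e-mail or billing data.
    return 200, {"features": sorted(features)}
```

Authentication is checked before the rate limiter, so unauthenticated requests cannot consume the legitimate caller's request budget.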