Overview

Kape's infrastructure and SDKs are designed to support full white-label operation. In this model you retain ownership of customer identity, authentication, billing, and subscription management, while delegating network delivery and related client capabilities to Kape. Your systems remain the system of record for users and entitlements; the SDK interacts with Kape using partner-specific domains and a trust relationship that accepts your assertions as the basis for issuing service credentials.

In a typical flow the customer signs in against your identity provider — for example via OpenID Connect, a SAML-based service, or a proprietary login. The client application receives an authentication credential from your IdP and does not send any personally identifiable information to Kape. Instead, the client contacts a validation endpoint that you operate. This endpoint verifies the presented credential, looks up the customer's active subscription, and returns an entitlement document that describes what the customer is allowed to use. The document expresses just feature indicators and Kape's services will issue Subscription Receipt Tokens containing entitlements, which represent these features.

The SDK will be configured with a custom domain to fetch the Subscription Receipt Token.

Staging and Production Environments

From an operational perspective you will want distinct staging and production tenants, each with its own domains, signing keys, and rate limits. Staging allows you to validate changes to your entitlement schema, key rotation procedures, and SDK updates without impact on end users.

In summary, white-label integration lets you keep your customer and subscription logic exactly as it is today, while the Kape SDK converts your authenticated, signed entitlements into anonymous service credentials against partner-specific Kape domains. Your systems authenticate and authorize; the SDK performs the exchange and enforces access on the client; Kape delivers the network and platform features behind an interface that never requires exposure of your users' identities.