Skip to content

OpenSESA

Authentication and Permissions

Initializing search

OpenSESA

Home
Start Here
Start Here
Platform Fundamentals
Platform Fundamentals
Architecture
Architecture
Capabilities
Capabilities
User Guide
User Guide
Engineering Workflow
Engineering Workflow
Build, Deploy, Operate
Build, Deploy, Operate
API Guide
API Guide
- API Overview
- Authentication and Permissions Authentication and Permissions
  On this page
  - Authentication Model
  - Permission Expectations
- Error and Response Model
- API and Route Catalog
- API Examples
Quality
Quality
Reference
Reference
Architecture Decisions
Architecture Decisions
Contributing

On this page

Authentication Model
Permission Expectations

API Authentication and Permissions¶

Authentication Model¶

Django authentication with allauth integration.
Login is required for most application pages and endpoints.
MFA policies are enforced by middleware settings.

Permission Expectations¶

Access is typically scoped by selected project and user role.
Write actions should be limited to authorized contributors.
Governance actions should be limited to elevated roles.

Collapsed security reminder

Do not assume access from UI visibility alone. Always enforce permission checks in view logic.

Error and Response Model

Copyright © 2026 OpenSESA. All rights reserved.