Skip to main content
Version: 2.0

Authentication and Authorization in Vectara

Vectara’s authentication and authorization framework secures access to our platform and its data. Whether you are an admin configuring corpora, a developer integrating APIs, or an end user querying data through an application, this section provides the tools and strategies to control access and manage data effectively. From API keys for quick setups to OAuth 2.0 for enterprise-grade security, and corpus-level permissions for precise data control, Vectara balances usability with robust protection.

Who uses Vectara?

Admins manage the platform, developers build and test integrations, and end users access data through apps. This blueprint guides their needs:

Admins and developers interact with Vectara directly, end users connect to client apps.

Review the following key topics, guiding you through Vectara access patterns that we recommend for enterprises, concepts, and practical steps.

Enterprise Access Patterns

Introduces Admins, Developer, and End User access patterns.

Clarifies who needs what access, grounding your authentication and authorization strategy.

Authentication and Authorization Overview

Outlines Vectara’s authentication mechanisms (API keys, OAuth 2.0) and authorization models (RBAC, ABAC).

Builds a technical foundation for understanding Vectara’s security model.

Choose the Right Authentication Method

Compares API keys and OAuth 2.0 for different situations.

Helps you select the best authentication method for your scenario.

Create and Use API Keys

Guides you through generating and using API keys (Personal, Query, Index).

Enables fast, secure integration for common tasks.

Use OAuth 2.0

Explains setting up OAuth 2.0 for production-ready access.

Provides scalable, secure auth with expiring tokens.

Set Up Account and Corpus Permissions (RBAC)

Details assigning Role-Based Access Control roles (Query, Index).

Ensures precise permissions for users and apps.

Apply Metadata Filters for Attribute-Based Access Control

Shows how to use metadata filters for more granular access.

Adds flexibility to control visibility within corpora.

Isolate Tenants with Corpora

Explains dedicating corpora to tenants for secure, scalable multi-tenant applications.

Simplifies access control and monitoring by isolating customer or team data.

Combine Access Control with Application Filters

Demonstrates layering ABAC with app-specific filters.

Integrates security and functionality for real-world use.

Next steps

  1. New to Vectara? Start with Enterprise Access Patterns to identify your role.
  2. Read Authentication and Authorization Overview for the basics.
  3. Read about how to Choose the Right Authentication Method.
  4. Dive into practical guides like Create and Use API Keys or Use OAuth 2.0 based on your implementation needs.