Axis Overview
Axis is the tenant-aware control plane for identity, policy lifecycle, rollouts, alerts, and audit evidence.
Overview
Axis handles user and API authentication, tenant authorization, policy orchestration, and signed rollout receipt storage.
Core operational endpoints include agent inventory, rollouts, alerts, and audit logs.
Endpoint Assumptions
- Production auth and API host:
https://axis.velikey.com(signin:https://axis.velikey.com/auth/signin). - Non-production override: set
AXIS_BASE_URLexplicitly before running docs commands. - Manual operator substitutions: provide tenant-scoped values for cookies, bearer tokens, agent IDs, and tenant slugs.
Actionable Steps
- Sign in at
https://axis.velikey.com/auth/signinwith an owner/admin account. - Verify tenant-scoped API access for agents and audit logs.
- Use rollout receipts for change evidence in compliance workflows.
# manual-only example
# production default; set AXIS_BASE_URL explicitly for staging/test.
export AXIS_BASE_URL="${AXIS_BASE_URL:-https://axis.velikey.com}"
export SESSION_COOKIE="axis-session=REDACTED"
curl -fsS -H "Cookie: $SESSION_COOKIE" "$AXIS_BASE_URL/api/agents/database" | jq
curl -fsS -H "Cookie: $SESSION_COOKIE" "$AXIS_BASE_URL/api/audit-logs?limit=10" | jq
curl -fsS -H "Cookie: $SESSION_COOKIE" "$AXIS_BASE_URL/api/rollout-receipts?limit=5" | jq
Validation Checks (Last Step)
# executable example curl --version command -v curl command -v jq
Expect an HTTP response from the sign-in endpoint before testing API flows.
Common Failure Modes
- Running API checks with an expired browser session returns `401 Unauthorized`.
- Owner/admin-only endpoints return `403` for lower-privilege users.
- Confusing brochure auth handoff (
https://axis.velikey.com/auth/signin) and agent bearer auth leads to invalid request headers.
Claims and Evidence References
Claims registry • Claim-to-evidence matrix
Navigate Docs
Docs Index • Previous: Aegis Rollouts • Next: Axis Auth and SSO • How VeliKey works • Troubleshooting