Securing endpoints

There are 2 types of permissions to allow running predictions on endpoints.

  • Predict endpoint permission

  • Access token

Predict endpoint permission

Predict endpoint permission grants access to platform users and service accounts to run predictions on an endpoint.

Enable predict endpoint permission setting

For the “Predict endpoint” permission to take effect, entity admin(s) for an endpoint or an Org admin has to toggle on the ability to grant “Predict endpoint” permission.

Predict endpoint permission setting can be toggled on in the following places:

  • While deploying an endpoint using configurable deploy option

  • In the endpoint settings page

Without toggling the switch, none of the collaborators can be granted prediction access. Given below is how you toggle the switch during endpoint creation:

Grant predict endpoint permission

There are 2 ways to grant the permission:

  • At Org baseline level: Org admins can enable “Predict endpoint” permissions for all the Org members by default (in the baseline permission settings tab for an Org)

  • At each endpoint level: An endpoint entity admin can individually grant “Predict endpoint” permission to collaborators for the specific endpoint

Access tokens

Verta platform also offers the option to generate access tokens that allows prediction access for non users of the platform (e.g. another user who wants to test the endpoint via curl command or an application making a call to endpoint).

The user can decide whether to enable access token authentication when deploying a model. You can also enable/disable access token permission for an endpoint in the “Settings” section.

Access tokens can be obtained from the “Settings” tab in the endpoint. You can create multiple access tokens.

If the endpoint has access token authentication enabled and you have a valid access token, here is an example of a curl command that can be used to run predictions:

curl -H "Access-token: 254c1b0d-00ca-41ec-aad8-4d80eac53749" -X POST -d '[[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]] ' -H "Content-Type: application/json"

The curl command is also accessible from endpoint summary model playgroung section.

Given below is how you can manage access token in endpoint settings tab:

Last updated