Getting Started
Introduction
Sestra is an access middleware for modern APIs and automated systems. It converts verified conditions into short-lived access sessions without managing user identity, credentials, or sensitive data.
Sestra is built for environments where:
APIs are consumed by machines
access must be temporary
privacy and compliance matter
Sestra focuses on one responsibility only: deciding whether access should be granted right now.
Problem Statement
Modern APIs are increasingly consumed by backend services, bots, and autonomous agents. However, access control and monetization models still rely on:
user accounts
long-lived credentials
identity-centric billing
This creates:
operational complexity
data liability
compliance overhead
friction for automated clients
Sestra exists to remove these constraints.
Design Principles
Sestra is built on the following principles:
Access over identity
Sessions over credentials
Configuration over custom logic
Privacy by non-collection
Minimal system surface area
Every architectural decision in Sestra follows these rules.