Architecture Overview
Architecture Overview
Sestra is built as a lightweight access middleware with clear boundaries. It evaluates verification results, issues short-lived sessions, and informs your backend through events.
Sestra does not store identity, does not process funds, and does not execute workloads. Its only job is access decision-making.
System Roles
Client (User / Agent / Service) Requests access to your protected API endpoint.
Provider Backend (Your API) Owns the protected endpoints. Integrates Sestra via SDK/API and receives webhook events.
Sestra Core Creates sessions, validates verification signals, enforces privacy rules, and dispatches events.
External Verification Systems Systems that produce verification signals (e.g., payment receipts, attestations). Sestra verifies the result, not the underlying data.
Control Plane vs Runtime Plane
Control Plane (Developer Console)
Used to configure:
policies (requirements, TTL, allowances)
webhook endpoints
access settings and environments
Runtime Plane (Session + Verification)
Used during real traffic:
create session
verify fulfillment signal
grant access session
expire session automatically
Data Minimization Model
Sestra stores only what is necessary to operate safely:
session identifiers
timestamps
status
hashed metadata (optional)
Sestra does not store:
identity
wallet addresses
network identifiers (IP)
raw verification artifacts
behavioral analytics
Runtime Flow (Short)
Client requests a protected endpoint
Backend requests a session from Sestra
Backend returns "verification required" to client
Client fulfills requirement externally
Sestra verifies fulfillment and grants a temporary session
Backend allows access while session is valid
Session expires automatically
Last updated