> BLOG_POSTS

Technical insights, updates, and deep dives into authorization

[9/17/2025]

#identity-tokens#api-keys#bearer-tokens#security#authentication#saas

> How to Implement API Keys Using Hessra Identity Tokens

Replace static API keys with cryptographically secure, auto-expiring identity tokens that provide a seamless upgrade path to full authorization.

by Jacob Valentic

READ_MORE >>

[9/3/2025]

#identity-tokens#ai-agents#delegation#biscuit#machine-identity#authorization#non-human-identity

> Using Hessra Identity Tokens for Delegated Agent Identities

Learn how to use Hessra's identity tokens to create secure, hierarchical identities for AI agents and sub-agents with cryptographic delegation.

by Jacob Valentic

READ_MORE >>

[8/25/2025]

#machine-identity#authorization#biscuit#zero-trust#ambient-authority#jwt#delegation

> Your Contractor Has the CEO's Keycard: The Broken State of Machine Identity

How traditional tokens create ambient authority problems and why separating identity from authorization is the key to secure machine-to-machine communication.

by Jacob Valentic

READ_MORE >>

[7/29/2025]

#zero-trust#security#network#sase#mesh#zanzibar#authorization

> High level approaches to Zero Trust

Exploring three conceptual approaches to implementing Zero Trust: simulated solutions, shrinking perimeters, and request-scoped security.

by Jacob Valentic

READ_MORE >>

[7/22/2025]

#security#zero-trust#network#infrastructure#nat

> Your network was never safe

The internet broke your network the moment you connected it. Zero Trust is the overdue fix.

by Jacob Valentic

READ_MORE >>

[6/30/2025]

#authorization#security#biscuit#rust

> Introducing Hessra: Authorization Built for Machines

Authorization built for machines with offline-verifiable tokens and deep stack coverage.

by Jacob Valentic

READ_MORE >>