Epsitec.Rezo.Api 11.6.0.2629

Prefix Reserved
dotnet add package Epsitec.Rezo.Api --version 11.6.0.2629
                    
NuGet\Install-Package Epsitec.Rezo.Api -Version 11.6.0.2629
                    
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Epsitec.Rezo.Api" Version="11.6.0.2629" />
                    
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Epsitec.Rezo.Api" Version="11.6.0.2629" />
                    
Directory.Packages.props
<PackageReference Include="Epsitec.Rezo.Api" />
                    
Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Epsitec.Rezo.Api --version 11.6.0.2629
                    
#r "nuget: Epsitec.Rezo.Api, 11.6.0.2629"
                    
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Epsitec.Rezo.Api@11.6.0.2629
                    
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Epsitec.Rezo.Api&version=11.6.0.2629
                    
Install as a Cake Addin
#tool nuget:?package=Epsitec.Rezo.Api&version=11.6.0.2629
                    
Install as a Cake Tool

Rezo API (Epsitec Application Services)

Epsitec.Rezo.Api is the client SDK for the Rezo platform, part of the Epsitec Application Services suite. It bundles the typed clients, data models and high-level helpers a host application needs to talk to the Rezo services — identity & access, multi-factor authentication, the public key registry, and Passport dispatch — without re-implementing the transport, crypto and token-refresh glue by hand.

Target framework: .NET 10 / C# 14.

Clients

AuthClient — identity & access (auth/v2)

The main auth client, covering two areas:

  • Authentication & tokens — password sign-in (AuthenticateUser with a ClientSecret from ClientSecretFactory), OIDC authorization-code + PKCE flows, MFA step-up (AuthenticateWithMfa, MfaStepUpFromRefreshToken), and token refresh (Refresh). Pair it with RefreshingAccessTokenProvider to keep a fresh access token.
  • User / persona / claims administration — resolve users and personae (GetUserIdentity, ResolveUserId, GetUserPersonae), manage personae (AddPersona, RemovePersona, RemoveUser), read and update claims (TryGetUserClaims, UpdateUserCommonClaims, UpdateUserPersonaClaims, ResolveSubjectClaims), set credentials and reset MFA.

AuthMfaClient — multi-factor enrolment

TOTP / email MFA lifecycle: start and complete setup, activate, verify a code on an enrolled account, and list active enrollments.

AuthKeysetClient — public key registry (user, JWT)

Register, revoke and read a user's hybrid keysets. Reads come in raw (GetLatest, GetRange, GetByHkid) and family-keyed (GetLatestNormalizedNormalizedKeyset) forms.

  • KeysetProvisioner.RegisterAsync runs the full registration ceremony (start → KEM proofs → complete) in one call.
  • KeysetKeyGenerator + HybridKeyMaterial / HybridKey generate the hybrid key material — ECDSA P‑256, ML‑DSA‑65, X25519, ML‑KEM‑768/1024 — as DER bytes (no Bouncy Castle types on the public surface).
  • KeysetProfilePolicy / EnforceProfiles require specific key profiles on read; MfaRequiredException is the typed signal when a write needs an MFA-validated token.

AuthKeysetsServiceClient — public key registry (service, API key)

Service-to-service reads of the registry, authenticated by an API key instead of a user JWT.

Passport — dispatch central (IDispatchCentralClient)

Send and receive dispatch-central notifications (NotifyOne, plus PassportListener / DispatchCentralListener for the receiving side).

Cryptography & helpers

  • ClientSecretFactory — derive a ClientSecret from a login and password (Argon2id client-side hashing handled for you).
  • RefreshingAccessTokenProvider / IAccessTokenProvider — acquire an access token and refresh it on expiry, tracking the rotated refresh token.
  • Claims, resource scopes, web-token and PKCE helpers for working with issued tokens.

Data models

  • Clima (Crésus License Manager) — portfolios, document leases and portfolio notifications.
  • William — debt-ledger types (DebtorId, DebtLedgerStatus).
  • Shared auth models — UserIdentity / UserPersona, claims and scopes, AuthorizationResult, PKCE.

Getting started

The package ships no dependency-injection bootstrap: construct the clients yourself with your ILogger, an IHttpClientFactory, and an Epsitec.Net.Utilities.ApiProvider bound to the service base URL. The example below shows the common auth + keyset flow (illustrative — see each type's constructor and XML docs):

var apiProvider  = new Epsitec.Net.Utilities.ApiProvider (authBaseUrl);
var authClient   = new AuthClient (logger, httpFactory, apiProvider, tokenCache);
var keysetClient = new AuthKeysetClient (logger, httpFactory, apiProvider);

// Authenticate, then keep a fresh access token.
var secret = await ClientSecretFactory.CreateAsync (authClient, login, password);
var auth   = await authClient.AuthenticateUser (login, secret);
var tokens = new RefreshingAccessTokenProvider (authClient, auth, scope);

// Declare a hybrid keyset, then read another user's latest keyset (family-keyed).
var material = KeysetKeyGenerator.Generate (kemProfile);
await keysetProvisioner.RegisterAsync (tokens, uid, material);
var keyset = await keysetClient.GetLatestNormalized (otherUid, await tokens.GetAccessTokenAsync ());

Exact method signatures and overloads are documented in the package's XML docs.

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Epsitec.Rezo.Api:

Package Downloads
Epsitec.Briefcases.Identity

User identity lifecycle for Crésus Briefcases: key provisioning, at-rest key store, login, and keyset registration

Epsitec.Passport.Shared

Passport.Shared - 3.44.3.2625 net10.0

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
11.6.0.2629 46 7/16/2026
11.5.1.2628 144 7/12/2026
11.4.7.2627 229 6/30/2026
11.4.6.2627 123 6/29/2026
11.4.1.2626 282 6/23/2026
11.4.0.2626 102 6/23/2026
11.3.20.2625 200 6/19/2026
11.3.7.2623 132 6/9/2026
11.3.0.2622 315 5/26/2026
11.2.1.2622 102 5/26/2026
11.2.0.2622 108 5/26/2026
10.0.0.2551 567 12/16/2025