Kaphera Cloud Managed Server

The extended API server behind cloud.kaphera.com that adds the SaaS-only capabilities (directory, join orchestration, billing, audit, cross-organisation discovery) on top of the base Cloud Server.

What it is

The extended API server that powers cloud.kaphera.com, Kaphera’s fully managed platform. It builds on the kaphera-cloud-server and adds the capabilities that only make sense in a managed, multi-tenant SaaS context: audit logging, usage-based billing, the data space directory, the participant join flow with automated identity and credential provisioning, and cross-organisation discovery. This is the server that delivers the “login to data exchange in under a minute” promise.

What it does for the customer

Provides the complete managed experience. A participant browses the data space directory, clicks join, and the server orchestrates everything: identity establishment with the data space authority, credential issuance, connector provisioning, and infrastructure configuration. A governance authority publishes their data space profile, defines onboarding rules, and manages participant requests. Behind the scenes, the server handles metering, invoicing, and the operational tooling that Kaphera uses to manage infrastructure across all customers.

Who it serves

petra-novak is the tier-3 SME operations manager with no IT team and a customer deadline in four months. The managed server is the only product that works for her: self-service onboarding in plain language, transparent fixed monthly pricing, a connector that runs without her attention, and support she can reach when something breaks. She will never touch a CLI or a Kubernetes cluster.

thomas-brandt is the mid-size supplier head of IT who needs to connect to Catena-X without hiring Kubernetes engineers. The managed server is the product he buys: contractual SLAs, compliance certifications, a named support contact, and infrastructure he never touches.

leila-brandt is the backend engineer at a SaaS scale-up who needs a managed connector she can subscribe to without running infrastructure. She uses the control plane management API to register data assets, configure policies, and implement the consumer-side contract negotiation pattern in her application code. If the product expands to provisioning connectors for clients’ suppliers, she needs that to be a single programmatic API call.

isabelle-dufour is the non-technical supply chain leader who needs governed data exchange with her suppliers. The join flow and governance interface let her operate a data space without touching a configuration file.

sophie-renard is the governance authority head of digital infrastructure. The managed server provides the single governance interface she needs (profile registration, identity configuration, onboarding rules, credential management) without assembling it from separate components.

Why this licence: Source-available — proprietary

This is Kaphera’s SaaS differentiation. The managed server encodes the business logic that makes the platform commercially viable: billing integration, the data space directory, join flow orchestration, fleet management, audit infrastructure. These capabilities compound over time as the platform scales. They are not infrastructure enablement; they are the product moat.

How it relates to other artefacts

Extends the kaphera-cloud-server: every endpoint in the base server exists here, plus the managed-only capabilities. The kaphera-cloud-managed-console is its frontend. The [[kaphera-cli|kaphera CLI]] cloud backend and the kaphera-cloud-terraform-provider cloud backend connect to this server. The GET /capabilities endpoint tells clients what’s available, so the same CLI, Terraform provider, and Console codebase can serve both the base server and this one without forking.

Join flow

sequenceDiagram
  actor P as Participant
  participant C as Managed Console
  participant S as Managed Server
  participant DS as Dataspace Authority
  participant K as Cluster (operators)
  P->>C: browse directory, click join
  C->>S: POST /joins
  S->>DS: identity establishment
  DS-->>S: identity ack
  S->>DS: credential request
  DS-->>S: credential issued
  S->>K: provision connector (CRD)
  K-->>S: connector running
  S-->>C: status events
  C-->>P: live status tracker

Related

• kaphera-cloud-server: the base server this extends.
• kaphera-cloud-managed-console: the SaaS UI fronting this API.
• petra-novak, thomas-brandt: participants for whom the managed server is the only viable product.
• sophie-renard: the governance authority whose data space lives in this server’s directory.
• isabelle-dufour: the non-technical operator whose join flow runs against this server.