bitwarden/server
Apps
Bitwarden Server is eleven ASP.NET Core processes that share src/Core/ and the database. Each app has its own csproj, Startup.cs, Program.cs, Dockerfile, and appsettings.*.json. The OSS distribution drops the four commercially-licensed projects under bitwarden_license/.
| Service | Path | One-liner | Page |
|---|---|---|---|
Api |
src/Api/ |
The main REST API for clients (vault CRUD, organisations, sends, billing self-service, secrets manager). | api.md |
Identity |
src/Identity/ |
OAuth 2.0 / OIDC token endpoint built on Duende IdentityServer; handles every login flow. | identity.md |
Admin |
src/Admin/ |
Razor-Pages internal admin UI used by Bitwarden support staff for customer ops. | admin.md |
Billing |
src/Billing/ |
Receives Stripe / PayPal / BitPay / Braintree / FreshDesk webhooks. | billing.md |
Events |
src/Events/ |
Tiny write API clients post audit events to. | events.md |
EventsProcessor |
src/EventsProcessor/ |
Background service that drains the events queue into storage. | events-processor.md |
Notifications |
src/Notifications/ |
SignalR push hub for real-time client sync. | notifications.md |
Icons |
src/Icons/ |
Public favicon proxy / cache used by client autofill. | icons.md |
Sso |
bitwarden_license/src/Sso/ |
SAML / OIDC bridge between corporate IdPs and Identity. (Commercial) |
sso.md |
Scim |
bitwarden_license/src/Scim/ |
SCIM 2.0 provisioning API for enterprise directory sync. (Commercial) | scim.md |
Setup (utility) |
util/Setup/ |
Self-host install / update bootstrapper. Not a long-running service. | (bundled into deployment docs) |
Cross-app concerns
Every app calls some subset of these in its Startup.ConfigureServices:
services.AddGlobalSettingsServices(Configuration, Environment)— bindGlobalSettings.services.AddCustomDataProtectionServices(env, globalSettings)— ASP.NET Core data protection with Azure Blob persistence in cloud.services.AddDatabaseRepositories(globalSettings)— pick Dapper or EF based onDatabaseProvider.services.AddBaseServices(globalSettings)+services.AddDefaultServices(globalSettings)— the shared service registrations fromsrc/Core/Utilities/ServiceCollectionExtensions.cs.services.AddIdentityAuthenticationServices(globalSettings, env, ...)— Bearer JWT validation pointing at the Identity host.services.AddCustomIdentityServices(globalSettings)— only the Identity host runs this.
The pipeline in Configure(app, ...) is similarly conventional: SecurityHeadersMiddleware → default middleware (CoreServiceCollectionExtensions.UseDefaultMiddleware) → optional rate limiting (cloud only) → CORS → auth → CurrentContextMiddleware → endpoints.
Service interaction shape
graph LR
Client((Bitwarden client))
Client --> Identity
Client --> Api
Client -->|WS| Notifications
Client --> Events
Client --> Icons
subgraph Commercial
Sso
Scim
end
Sso --> Identity
Scim --> Db[("DB")]
Api --> Db
Api --> Storage[("Blobs")]
Api --> Cache[("Redis")]
Api --> Bus[("Queue/Service Bus")]
Bus --> EventsProcessor
EventsProcessor --> Db
Identity --> Db
Notifications --> Bus
Stripe -.->|webhook| Billing
Billing --> Db
Admin --> DbStartup expectations
Production cloud topology runs each service in its own pod / app service. Self-host runs them as siblings under a single bitwarden.sh Docker Compose stack with one shared SQL Server (or other DB), one Redis, and one Notifications hub. The Setup utility (util/Setup/) writes a global.override.env that every service reads on boot so the stack stays consistent.
Pick the service page that matches what you are debugging or extending.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.