Token Verification and Authorisation

POST 
/service/data-space/:organisationId/validate-access

The Token Verification and Authorisation endpoint for an organisation in regards to a Data Marketplace. An Access Token issued as a result of a Pull-Data request can be verified here, and an authorisation decision can be made against the requested resource (defined by OpenAPI method and path). The resource is checked against the OpenAPI specification of the underlying Data Agreement within the Data Disclosure Agreement Record's Template connected to the Access Token.

Request

Path Parameters

organisationId stringrequired

The ID of the organisation

application/json

Body

accessToken stringrequired

The JWT Access Token to be verified and authorised

httpMethod stringrequired

The HTTP Method to be checked against the OpenAPI specification

path stringrequired

The path to be checked against the OpenAPI specification

Responses

200

Access token verified and authorised

Response Headers

• Content-Type json

  Content-Type header

application/json

Schema

Schema

verified boolean

Whether the access token was verified and authorised

decodedClaims object

The decoded claims of the access token

individual object

Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). An Individual instance of this model is not to be mistaken with a unique natural individual. It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent agreements.

id string

The unique ID of an Individual row.

externalId string

Reference to another foundational/functional ID, which is likely PII

externalIdType string

External ID type specifier. A string. For instance "email" or "foundational ID". Can be used in later queries.

identityProviderId string

This could be an FK, but for now we do not have a mapping of identity providers. IDBB may have more requirements.

name stringrequired

Name of the individual

iamId string

Create a user in keycloak and save the id as iamId

email stringrequired

Email ID

phone stringrequired

Phone

pushNotificationToken string

Device token of the individual

deviceType string

Possible values: [android, ios]

Device type(OS) of the individual

Example (from schema)

{
  "verified": true,
  "decodedClaims": {},
  "individual": {
    "id": "",
    "externalId": "",
    "externalIdType": "",
    "identityProviderId": "",
    "name": "string",
    "iamId": "string",
    "email": "string",
    "phone": "string",
    "pushNotificationToken": "string",
    "deviceType": "android"
  }
}

Loading...