Role Based Access Control

The Verified platform APIs support Role Based Access Control, which defines the services that the application can access.

Roles are recorded within the Access token. Developer can easily inspect the contents using JSON Web Tokens site

  • Examine access tokens to see appropriate roles.
  • Request to the GetAdministrativeUserActions API endpoint returns the list of actions the applications can perform with the current Access token.

An HTTP 403 "Unauthorized" response code is sent if the application tries to call an API that is not a part of the token roles.

An illustration of the roles in an access token is as follows:

...
"role": [  
    "Administrator",  
    "Transactor",  
    "Configurator"  
  ],
...
RolePermissionsAPI Methods
AdministratorRead Customer Attributes, Manage Accounts and related entities, Create Accounts, Read Accounts, Manage Bio Credentials, Create Bio Credentials, Read Bio Credentials, Manage Custom Operations and Operations Resources, Read Transaction/Operation history, Read System Audit, Perform Transaction, Read Operation ResultsCustomerVerifyIDDocument, CustomerDeleteSingleAccountBiometricCredentialRawData, CustomerGetAccountBiometricCredentialRawDataCount, CustomerDeleteAllAccountBiometricCredentialRawData, CustomerCheckLiveness, CustomerCreateAccount, CustomerReadAccount, CustomerSearchAccounts, CustomerUpdateAccount, CustomerDeleteAccount, CustomerAuditAccount, CustomerLinkAccount, CustomerReadAccountPolicy, CustomerUpdateAccountPolicy, CustomerCreatePreRegistration, CustomerReadPreRegistration, CustomerAuditPreRegistration, CustomerCancelPreRegistration, CustomerSearchTransactions, CustomerSyncToExternalSystem, CustomerSyncFromExternalSystem, CustomerCreateAccountBiometricCredential, CustomerReadAccountBiometricCredential, CustomerDeleteAccountBiometricCredential, CustomerVerifyAccountBiometricCredential, CustomerAuditBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerAuditApiKey, CustomerCreateCustomOperation, CustomerReadCustomOperation, CustomerUpdateCustomOperation, CustomerDeleteCustomOperation, CustomerAuditCustomOperation, CustomerCreateCustomOperationResource, CustomerReadCustomOperationResource, CustomerUpdateCustomOperationResource, CustomerDeleteCustomOperationResource, CustomerAuditCustomOperationResource, CustomerReadPredefinedOperation, CustomerAuditPredefinedOperation, CustomerCreatePredefinedOperationResource, CustomerReadPredefinedOperationResource, CustomerUpdatePredefinedOperationResource, CustomerDeletePredefinedOperationResource, CustomerAuditPredefinedOperationResource, CustomerReadIDDocumentTypes, CustomerReadSearchMetadata, CustomerSearchAudit, CustomerAuditCustomerAttribute, CustomerSearchOperations, CustomerReadTransactionConfirmations, CustomerAuditAdministrativeUser, CustomerReadCustomerAttribute
TransactorPerform Transaction, Read Transaction ResultsCustomerBeginAuthorization, CustomerBeginCustomAuthorization, CustomerEndAuthorization, CustomerAuthorizeTransaction, CustomerCheckAuthorization, CustomerCheckCustomAuthorization, CustomerSendInformationalNotification, CustomerCheckInformationalNotification, CustomerBeginForeignAuthorization
Biometric Credentials ReaderRead Bio CredentialsCustomerReadAccountBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerReadBiometricCredential
External VerificatorPerform external doc verificationCustomerExternalVerifyIDDocument
ConfiguratorManage Customer Settings, Manage Customer Attributes, Read Customer AttributesCustomerReadCustomerGenericSettings, CustomerUpdateCustomerGenericSettings, CustomerReadCustomerWebhookSettings, CustomerUpdateCustomerWebhookSettings, CustomerResetCustomerWebhookSecret, CustomerCallTestWebhook, CustomerCreateCustomerAttribute, CustomerReadCustomerAttribute, CustomerUpdateCustomerAttribute, CustomerDeleteCustomerAttribute
Site OperatorManage Accounts and related entities, Create Accounts, Read Accounts, Manage Bio Credentials, Create Bio Credentials, Read Bio Credentials, Manage Custom Operations and Operations Resources, Read Transaction/Operation history, Read System Audit, Read Operation ResultsCustomerAuditAdministrativeUser, CustomerCreateAccount, CustomerReadAccount, CustomerSearchAccounts, CustomerUpdateAccount, CustomerDeleteAccount, CustomerAuditAccount, CustomerLinkAccount, CustomerReadAccountPolicy, CustomerUpdateAccountPolicy, CustomerCreatePreRegistration, CustomerReadPreRegistration, CustomerAuditPreRegistration, CustomerCancelPreRegistration, CustomerSearchTransactions, CustomerSyncToExternalSystem, CustomerSyncFromExternalSystem, CustomerCreateAccountBiometricCredential, CustomerReadAccountBiometricCredential, CustomerDeleteAccountBiometricCredential, CustomerVerifyAccountBiometricCredential, CustomerAuditBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerDeleteSingleAccountBiometricCredentialRawData, CustomerGetAccountBiometricCredentialRawDataCount, CustomerAuditApiKey, CustomerCreateCustomOperation, CustomerReadCustomOperation, CustomerUpdateCustomOperation, CustomerDeleteCustomOperation, CustomerAuditCustomOperation, CustomerCreateCustomOperationResource, CustomerReadCustomOperationResource, CustomerUpdateCustomOperationResource, CustomerDeleteCustomOperationResource, CustomerAuditCustomOperationResource, CustomerReadPredefinedOperation, CustomerAuditPredefinedOperation, CustomerCreatePredefinedOperationResource, CustomerReadPredefinedOperationResource, CustomerUpdatePredefinedOperationResource, CustomerDeletePredefinedOperationResource, CustomerAuditPredefinedOperationResource, CustomerReadIDDocumentTypes, CustomerReadSearchMetadata, CustomerSearchAudit, CustomerReadCustomerAttribute, CustomerAuditCustomerAttribute, CustomerSearchOperations, CustomerReadTransactionConfirmations, CustomerVerifyIDDocument, CustomerDeleteAllAccountBiometricCredentialRawData, CustomerCheckLiveness
Transaction Result AuditorRead Transaction Results, Read Operation ResultsCustomerReadBiometryVerificationResult, CustomerEndAuthorization, CustomerReadTransactionConfirmations, CustomerReadExternalOperationStatus, CustomerReadForeignOperationStatus, CustomerReadIDDocumentVerificationResult
Customer OwnerManage Admin Users and API Keys, Manage Self API Keys, Manage Customer Settings, Manage Customer Attributes, Read Customer AttributesCustomerCreateAdministrativeUser, CustomerUpdateAdministrativeUser, CustomerDeleteAdministrativeUser, CustomerReadAdministrativeUser, CustomerSearchAdministrativeUsers, CustomerReadCustomerRole, CustomerReadAdministrativeUserRole, CustomerReadCustomerGenericSettings, CustomerUpdateCustomerGenericSettings, CustomerReadCustomerWebhookSettings, CustomerUpdateCustomerWebhookSettings, CustomerResetCustomerWebhookSecret, CustomerCallTestWebhook, CustomerCreateCustomerAttribute, CustomerReadCustomerAttribute, CustomerUpdateCustomerAttribute, CustomerDeleteCustomerAttribute, CustomerRevokeApiKeyRefreshTokens, CustomerRevokeCustomerRefreshTokens, CustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerCreateUserApiKey, CustomerReadUserApiKey, CustomerUpdateUserApiKey, CustomerDeleteUserApiKey, CustomerChangeAdministrativeUserPassword
API Key ManagerManage Self API KeysCustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerRevokeApiKeyRefreshTokens
GetIDDocument TransactorPerform GetIDDocument Operation, Read Operation Results, Cancel operationCustomerCreateExternalOperationDocumentRequest, CustomerReadExternalOperationStatus, CustomerReadIDDocumentVerificationResult, CustomerCreateForeignOperationDocumentRequest, CustomerReadForeignOperationStatus, CustomerCancelOperation
GetBiometry TransactorPerform GetBiometry Operation, Read Operation Results, Cancel operationCustomerReadBiometryVerificationResult, CustomerCreateForeignOperationBiometryRequest, CustomerReadForeignOperationBiometryStatus, CustomerCancelOperation
Auth0 IntegratorManage Self API Keys, Manage Accounts and related entities, Create Accounts, Read Accounts, Create Bio Credentials, Read Bio Credentials, Perform Transaction, Perform GetBiometry Operation, Perform GetIDDocument Operation, Read Operation ResultsCustomerCreateAccount, CustomerReadAccount, CustomerReadAccountBiometricCredential, CustomerCreateForeignOperationBiometryRequest, CustomerReadForeignOperationBiometryStatus, CustomerCreateAccountBiometricCredential, CustomerBeginForeignAuthorization, CustomerEndAuthorization, CustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerRevokeApiKeyRefreshTokens