Role Based Access Control

The Verified platform APIs support Role Based Access Control, which defines the services that the application can access.

Roles are recorded within the Access token. Developers can inspect the contents with any JSON Web Token decoder, such as the jwt.io site; because a live Access token grants access to the platform, paste only test-environment tokens into a third-party site and decode production tokens locally.

  • Decode the Access token to see which roles it carries.
  • A request to the GetAdministrativeUserActions API endpoint returns the list of actions the application can perform with the current Access token.

An HTTP 403 "Forbidden" response is returned if the application calls an API that requires a role not present in the token. (403 is the Forbidden status; 401 "Unauthorized" is a different condition, normally a missing or invalid token rather than a missing role.)

An illustration of the roles in an access token is as follows:

...
"role": [  
    "Administrator",  
    "Transactor",  
    "Configurator"  
  ],
...
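The following is an added example, not code from the Verified platform or its documentation. It builds a throwaway HS256 token locally so there is something to inspect, reads the "role" claim the way a developer would before calling an endpoint, and then models the server-side check that produces the 403: signature verification first, then a role lookup. The claim names other than "role", the demo key and the claim values are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo material: a throwaway key and claims used only to build a
# token locally. Not a real Verified platform token, key or claim layout.
DEMO_KEY = b"demo-only-not-a-real-secret"
DEMO_CLAIMS = {
    "sub": "app-12345",  # assumed claim name
    "role": ["Administrator", "Transactor", "Configurator"],
    "exp": 4102444800,   # assumed claim name
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims=None, key: bytes = DEMO_KEY) -> str:
    """Build an HS256 JWT locally so the inspection code has realistic input."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = claims if claims is not None else DEMO_CLAIMS
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.

    Good enough for looking at which roles a token carries (what the page
    suggests doing); never use it to make an authorization decision, since
    anyone can craft a payload.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def token_roles(token: str) -> list:
    """Roles listed in the token's 'role' claim, normalised to a list."""
    roles = decode_claims(token).get("role", [])
    return [roles] if isinstance(roles, str) else list(roles)


def has_role(token: str, required: str) -> bool:
    """Client-side pre-flight check: will this call be rejected with 403?"""
    return required in token_roles(token)


def authorize(token: str, required_role: str, key: bytes = DEMO_KEY) -> int:
    """Model of the server's decision: 200 if the verified token carries the
    role, 403 if it does not. A bad signature raises rather than returning a
    status, because such a token must not reach the role check at all."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    return 200 if required_role in token_roles(token) else 403


def forge_roles(token: str, roles: list) -> str:
    """Rewrite the payload's roles but keep the old signature, i.e. what an
    attacker can do to a token without the key."""
    header_b64, _, sig_b64 = token.split(".")
    claims = decode_claims(token)
    claims["role"] = roles
    payload_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{sig_b64}"


if __name__ == "__main__":
    tok = make_demo_token()
    print("roles:", token_roles(tok))
    print("Administrator call:", authorize(tok, "Administrator"))
    limited = make_demo_token({"sub": "app-12345", "role": ["Transactor"]})
    print("Administrator call with Transactor-only token:", authorize(limited, "Administrator"))
```

The split between decode_claims and authorize is the point of the example: decoding is how a developer confirms which roles a token carries, but the platform only honours roles under a signature it has verified, so editing the claim (as forge_roles does) cannot turn a 403 into a 200.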

The RBAC model can be customized to meet specific needs by adding new roles. Please contact [email protected] to discuss your requirements.