Product Documentation

Role Based Access Control

V.1

Suggest Edits

The Verified™ platform APIs support Role-Based Access Control (RBAC), which defines the services that the application can access.

Roles are recorded within the Access token. Developers can easily inspect the contents using JSON Web Tokens site

  • Examine access tokens to view appropriate roles.
  • A Request to the GetAdministrativeUserActions API endpoint returns the list of actions the applications can perform with the current Access token.

An HTTP 403 "Unauthorized" response code is returned/displayed if the application tries to call an API that is not a part of the token roles.

The following example illustrates roles embedded in an access token:

...
"role": [  
    "Administrator",  
    "Transactor",  
    "Configurator"  
  ],
...

The RBAC model can be customized to meet specific requirements by adding new roles. Please contact [email protected] for assistance.

Updated 4 days ago