Role Based Access Control
The API endpoints that need to be called by the application depend on the workflows and features implemented by the system consuming authID APIs.
The Verified platform APIs support Role Based Access Control, which defines the services that the application can access.
Roles are recorded within the Access token. Developer can easily inspect the contents using JSON Web Tokens site
- Examine access tokens to see appropriate roles.
- Request to the GetAdministrativeUserActions API endpoint returns the list of actions the applications can perform with the current Access token.
An HTTP 403 "Unauthorized" response code is sent if the application tries to call an API that is not a part of the token roles.
An illustration of the roles in an access token is as follows:
...
"role": [
"Administrator",
"Transactor",
"Configurator"
],
...
| Role | Permissions | API Methods |
|---|---|---|
| Administrator | Read Customer Attributes, Manage Accounts and related entities, Create Accounts, Read Accounts, Manage Bio Credentials, Create Bio Credentials, Read Bio Credentials, Manage Custom Operations and Operations Resources, Read Transaction/Operation history, Read System Audit, Perform Transaction, Read Operation Results | CustomerVerifyIDDocument, CustomerDeleteSingleAccountBiometricCredentialRawData, CustomerGetAccountBiometricCredentialRawDataCount, CustomerDeleteAllAccountBiometricCredentialRawData, CustomerCheckLiveness, CustomerCreateAccount, CustomerReadAccount, CustomerSearchAccounts, CustomerUpdateAccount, CustomerDeleteAccount, CustomerAuditAccount, CustomerLinkAccount, CustomerReadAccountPolicy, CustomerUpdateAccountPolicy, CustomerCreatePreRegistration, CustomerReadPreRegistration, CustomerAuditPreRegistration, CustomerCancelPreRegistration, CustomerSearchTransactions, CustomerSyncToExternalSystem, CustomerSyncFromExternalSystem, CustomerCreateAccountBiometricCredential, CustomerReadAccountBiometricCredential, CustomerDeleteAccountBiometricCredential, CustomerVerifyAccountBiometricCredential, CustomerAuditBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerAuditApiKey, CustomerCreateCustomOperation, CustomerReadCustomOperation, CustomerUpdateCustomOperation, CustomerDeleteCustomOperation, CustomerAuditCustomOperation, CustomerCreateCustomOperationResource, CustomerReadCustomOperationResource, CustomerUpdateCustomOperationResource, CustomerDeleteCustomOperationResource, CustomerAuditCustomOperationResource, CustomerReadPredefinedOperation, CustomerAuditPredefinedOperation, CustomerCreatePredefinedOperationResource, CustomerReadPredefinedOperationResource, CustomerUpdatePredefinedOperationResource, CustomerDeletePredefinedOperationResource, CustomerAuditPredefinedOperationResource, CustomerReadIDDocumentTypes, CustomerReadSearchMetadata, CustomerSearchAudit, CustomerAuditCustomerAttribute, CustomerSearchOperations, CustomerReadTransactionConfirmations, CustomerAuditAdministrativeUser, CustomerReadCustomerAttribute |
| Transactor | Perform Transaction, Read Transaction Results | CustomerBeginAuthorization, CustomerBeginCustomAuthorization, CustomerEndAuthorization, CustomerAuthorizeTransaction, CustomerCheckAuthorization, CustomerCheckCustomAuthorization, CustomerSendInformationalNotification, CustomerCheckInformationalNotification, CustomerBeginForeignAuthorization |
| Biometric Credentials Reader | Read Bio Credentials | CustomerReadAccountBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerReadBiometricCredential |
| External Verificator | Perform external doc verification | CustomerExternalVerifyIDDocument |
| Configurator | Manage Customer Settings, Manage Customer Attributes, Read Customer Attributes | CustomerReadCustomerGenericSettings, CustomerUpdateCustomerGenericSettings, CustomerReadCustomerWebhookSettings, CustomerUpdateCustomerWebhookSettings, CustomerResetCustomerWebhookSecret, CustomerCallTestWebhook, CustomerCreateCustomerAttribute, CustomerReadCustomerAttribute, CustomerUpdateCustomerAttribute, CustomerDeleteCustomerAttribute |
| Site Operator | Manage Accounts and related entities, Create Accounts, Read Accounts, Manage Bio Credentials, Create Bio Credentials, Read Bio Credentials, Manage Custom Operations and Operations Resources, Read Transaction/Operation history, Read System Audit, Read Operation Results | CustomerAuditAdministrativeUser, CustomerCreateAccount, CustomerReadAccount, CustomerSearchAccounts, CustomerUpdateAccount, CustomerDeleteAccount, CustomerAuditAccount, CustomerLinkAccount, CustomerReadAccountPolicy, CustomerUpdateAccountPolicy, CustomerCreatePreRegistration, CustomerReadPreRegistration, CustomerAuditPreRegistration, CustomerCancelPreRegistration, CustomerSearchTransactions, CustomerSyncToExternalSystem, CustomerSyncFromExternalSystem, CustomerCreateAccountBiometricCredential, CustomerReadAccountBiometricCredential, CustomerDeleteAccountBiometricCredential, CustomerVerifyAccountBiometricCredential, CustomerAuditBiometricCredential, CustomerReadAccountBiometricCredentialMetadata, CustomerDeleteSingleAccountBiometricCredentialRawData, CustomerGetAccountBiometricCredentialRawDataCount, CustomerAuditApiKey, CustomerCreateCustomOperation, CustomerReadCustomOperation, CustomerUpdateCustomOperation, CustomerDeleteCustomOperation, CustomerAuditCustomOperation, CustomerCreateCustomOperationResource, CustomerReadCustomOperationResource, CustomerUpdateCustomOperationResource, CustomerDeleteCustomOperationResource, CustomerAuditCustomOperationResource, CustomerReadPredefinedOperation, CustomerAuditPredefinedOperation, CustomerCreatePredefinedOperationResource, CustomerReadPredefinedOperationResource, CustomerUpdatePredefinedOperationResource, CustomerDeletePredefinedOperationResource, CustomerAuditPredefinedOperationResource, CustomerReadIDDocumentTypes, CustomerReadSearchMetadata, CustomerSearchAudit, CustomerReadCustomerAttribute, CustomerAuditCustomerAttribute, CustomerSearchOperations, CustomerReadTransactionConfirmations, CustomerVerifyIDDocument, CustomerDeleteAllAccountBiometricCredentialRawData, CustomerCheckLiveness |
| Transaction Result Auditor | Read Transaction Results, Read Operation Results | CustomerReadBiometryVerificationResult, CustomerEndAuthorization, CustomerReadTransactionConfirmations, CustomerReadExternalOperationStatus, CustomerReadForeignOperationStatus, CustomerReadIDDocumentVerificationResult |
| Customer Owner | Manage Admin Users and API Keys, Manage Self API Keys, Manage Customer Settings, Manage Customer Attributes, Read Customer Attributes | CustomerCreateAdministrativeUser, CustomerUpdateAdministrativeUser, CustomerDeleteAdministrativeUser, CustomerReadAdministrativeUser, CustomerSearchAdministrativeUsers, CustomerReadCustomerRole, CustomerReadAdministrativeUserRole, CustomerReadCustomerGenericSettings, CustomerUpdateCustomerGenericSettings, CustomerReadCustomerWebhookSettings, CustomerUpdateCustomerWebhookSettings, CustomerResetCustomerWebhookSecret, CustomerCallTestWebhook, CustomerCreateCustomerAttribute, CustomerReadCustomerAttribute, CustomerUpdateCustomerAttribute, CustomerDeleteCustomerAttribute, CustomerRevokeApiKeyRefreshTokens, CustomerRevokeCustomerRefreshTokens, CustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerCreateUserApiKey, CustomerReadUserApiKey, CustomerUpdateUserApiKey, CustomerDeleteUserApiKey, CustomerChangeAdministrativeUserPassword |
| API Key Manager | Manage Self API Keys | CustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerRevokeApiKeyRefreshTokens |
| GetIDDocument Transactor | Perform GetIDDocument Operation, Read Operation Results, Cancel operation | CustomerCreateExternalOperationDocumentRequest, CustomerReadExternalOperationStatus, CustomerReadIDDocumentVerificationResult, CustomerCreateForeignOperationDocumentRequest, CustomerReadForeignOperationStatus, CustomerCancelOperation |
| GetBiometry Transactor | Perform GetBiometry Operation, Read Operation Results, Cancel operation | CustomerReadBiometryVerificationResult, CustomerCreateForeignOperationBiometryRequest, CustomerReadForeignOperationBiometryStatus, CustomerCancelOperation |
| Auth0 Integrator | Manage Self API Keys, Manage Accounts and related entities, Create Accounts, Read Accounts, Create Bio Credentials, Read Bio Credentials, Perform Transaction, Perform GetBiometry Operation, Perform GetIDDocument Operation, Read Operation Results | CustomerCreateAccount, CustomerReadAccount, CustomerReadAccountBiometricCredential, CustomerCreateForeignOperationBiometryRequest, CustomerReadForeignOperationBiometryStatus, CustomerCreateAccountBiometricCredential, CustomerBeginForeignAuthorization, CustomerEndAuthorization, CustomerCreateApiKey, CustomerReadApiKey, CustomerUpdateApiKey, CustomerDeleteApiKey, CustomerRevokeApiKeyRefreshTokens |
Updated about 2 months ago