Permalink
93a78ac Jun 26, 2018
2 contributors

Users who have contributed to this file

@pedroigor @stianst
23 lines (17 sloc) 1.07 KB

Protection API

The Protection API provides a UMA-compliant set of endpoints providing:

  • Resource Management

    With this endpoint, resource servers can manage their resources remotely and enable policy enforcers to query the server for the resources that need protection.

  • Permission Management

    In the UMA protocol, resource servers access this endpoint to create permission tickets. {project_name} also provides endpoints to manage the state of permissions and query permissions.

  • Policy API

    {project_name} leverages the UMA Protection API to allow resource servers to manage permissions for their users. In addition to the Resource and Permission APIs, {project_name} provides a Policy API from where permissions can be set to resources by resource servers on behalf of their users.

An important requirement for this API is that only resource servers are allowed to access its endpoints using a special OAuth2 access token called a protection API token (PAT). In UMA, a PAT is a token with the scope uma_protection.