API Access Evaluation

Evaluating protocol access

Once the caller is successfully authenticated, the claims bound to the authenticated user will be used to evaluate their access. These claims are given in the form of a JWT as described here. JWTs are only relevant for API Access requests.

  1. Claims are then extracted from the JWT into a single set of claims.
  2. Claims are compared to those assigned to the bound party on the protocol. The authorization is successful if they match.
  3. If successful, access is given and the request can proceed.

How claims are bound

The claims are specified via the protocol creation request as a set of party claims (containing both entity and access claims).

Multiple matching parties

If the claims match multiple parties on a protocol, the first match is chosen.
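
The evaluation steps and the first-match rule above, as an added example that is not part of the original documentation or the platform's own code. It assumes that "match" means every entity and access claim bound to a party is present in the caller's JWT claims; the party names, claim names and token are constructed for illustration.

```python
import base64
import json


def jwt_claims(token):
    """Flatten the payload of an already-verified JWT into {claim: set of values}.
    No signature check here: authentication is assumed to have happened earlier."""
    body = token.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return {name: {str(v) for v in (val if isinstance(val, list) else [val])}
            for name, val in payload.items()}


def party_matches(party, claims):
    """Assumed rule: every entity and access claim value bound to the party
    must be present in the caller's claims."""
    for group in ("entity", "access"):
        for name, values in party[group].items():
            if not set(values) <= claims.get(name, set()):
                return False
    return True


def evaluate_access(parties, claims):
    """Return (bound_party, shadowed): the first matching party in protocol order,
    plus any later parties that also matched and were passed over."""
    matches = [name for name, party in parties if party_matches(party, claims)]
    return (matches[0] if matches else None), matches[1:]


def make_token(payload):
    """Build a constructed sample token with a placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(payload)}.sig"


# Constructed sample data: party claims as given at protocol creation, in order.
IDP = "https://idp.example"
PARTIES = [
    ("buyer",   {"entity": {"iss": [IDP]}, "access": {"department": ["sales"]}}),
    ("seller",  {"entity": {"email": ["bob@example.com"]}, "access": {}}),
    ("auditor", {"entity": {"iss": [IDP]}, "access": {"department": ["audit"]}}),
]
TOKEN = make_token({"iss": IDP, "email": "alice@example.com",
                    "department": ["sales", "audit"]})

if __name__ == "__main__":
    print(evaluate_access(PARTIES, jwt_claims(TOKEN)))
```

A non-empty second element means the caller's claims satisfied more than one party, so the order of the party claims decided which party the request was bound to.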