Authorization

In addition to authentication, several EuroDat service APIs are access-restricted via OAuth2 authorization. Clients therefore have to prove their authorization for specific actions by presenting a bearer token.

Participant claim

Clients obtain a participant claim during client registration. The participant claim is contained in all access tokens. Whenever a client tries to modify a resource (e.g. an app, using the HTTP methods POST/PUT/DELETE), EuroDat checks the ownership of the resource via the participant claim.

Client purpose

A client is registered for a specific PURPOSE. Possible purposes are:

  1. APPS
  2. TRANSACTIONS
  3. SAFEDEPOSITS

A PURPOSE-related endpoint can only be accessed by a client that is registered for that PURPOSE.
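
The two checks described under "Participant claim" and "Client purpose", combined into one fail-closed decision function. This is an added example, not EuroDat code. The claim names `participant` and `purpose`, the function `authorize` and the sample values are assumptions, and the token is assumed to have been validated already.

```python
# Added illustration. Claim names "participant" and "purpose" are assumed,
# not taken from the EuroDat token format.
from dataclasses import dataclass

PURPOSES = {"APPS", "TRANSACTIONS", "SAFEDEPOSITS"}  # listed on this page
MODIFYING_METHODS = {"POST", "PUT", "DELETE"}         # listed on this page


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(claims, method, endpoint_purpose, resource_owner=None):
    """Decide on a request from the claims of an already validated access token.

    claims: dict of token claims (signature and expiry checked upstream).
    endpoint_purpose: the PURPOSE the requested endpoint belongs to.
    resource_owner: participant recorded as owner of the targeted resource.
    """
    if endpoint_purpose not in PURPOSES:
        return Decision(False, "unknown endpoint purpose")
    participant = claims.get("participant")
    purpose = claims.get("purpose")
    # Fail closed when a claim is missing or malformed.
    if not isinstance(participant, str) or not participant:
        return Decision(False, "missing participant claim")
    if not isinstance(purpose, str) or purpose not in PURPOSES:
        return Decision(False, "missing or unknown purpose claim")
    # Purpose gate: the client must be registered for the endpoint's PURPOSE.
    if purpose != endpoint_purpose:
        return Decision(False, "client not registered for " + endpoint_purpose)
    # Ownership gate: applied to modifying requests only, as the page states.
    # Leaving reads without an ownership check is an assumption of this sketch.
    if method.upper() in MODIFYING_METHODS and resource_owner != participant:
        return Decision(False, "resource not owned by participant")
    return Decision(True, "ok")


# Constructed sample claims and requests.
SAMPLE = {"participant": "acme", "purpose": "APPS"}
if __name__ == "__main__":
    for args in [("GET", "APPS", "other"), ("PUT", "APPS", "acme"),
                 ("DELETE", "APPS", "other"), ("POST", "TRANSACTIONS", "acme")]:
        print(args, authorize(SAMPLE, *args))
```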

Access restricted services

See the documentation of the concrete asset to view its authorization restrictions.