Authorization

Besides authentication, several service APIs in EuroDaT are access-restricted via OAuth2 authorization. Hence, clients need to prove their authorization for specific actions by presenting a bearer token.

Participant claim

Clients obtain a participant claim during client registration. The participant claim is contained in all access tokens, which also contain the purposes of the clients registered under a given participant (see also how to register a EuroDaT client). Whenever a client tries to modify a resource (e.g. an app, using the HTTP methods POST/PUT/DELETE), EuroDaT checks the ownership of the resource via the participant claim.

Client purpose

A client is registered for a specific PURPOSE. Possible purposes are:

  1. APPS
  2. TRANSACTIONS
  3. SAFEDEPOSITS

A PURPOSE-related endpoint can only be accessed with a client that is registered for the PURPOSE.
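
The two checks described above (purpose of the client, ownership via participant claim) can be sketched as one decision function. This is an added example, not EuroDaT's own code: the claim names `participant` and `purposes`, the list encoding of the purposes and the `authorize` helper are assumptions, and the token is assumed to have been validated already.

```python
from dataclasses import dataclass
from typing import Optional

PURPOSES = {"APPS", "TRANSACTIONS", "SAFEDEPOSITS"}  # purposes listed on this page
MODIFYING_METHODS = {"POST", "PUT", "DELETE"}        # methods named on this page


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(claims: dict, method: str, endpoint_purpose: str,
              resource_owner: Optional[str] = None) -> Decision:
    """Decide on a request from the claims of an already validated token.

    Assumed claim layout (hypothetical, not taken from the EuroDaT docs):
    "participant" is a string, "purposes" is a list of strings.
    resource_owner is the participant owning the target resource, or None
    when the request creates a new resource and there is no owner yet.
    """
    if endpoint_purpose not in PURPOSES:
        raise ValueError(f"unknown purpose: {endpoint_purpose!r}")

    participant = claims.get("participant")
    if not isinstance(participant, str) or not participant:
        return Decision(False, "token carries no participant claim")

    # Require a real list: a substring test on a plain string would let
    # "APPS" match inside an unrelated value.
    purposes = claims.get("purposes")
    if not isinstance(purposes, list) or endpoint_purpose not in purposes:
        return Decision(False, f"client not registered for {endpoint_purpose}")

    # Ownership is checked when the request modifies an existing resource.
    if (method.upper() in MODIFYING_METHODS
            and resource_owner is not None
            and resource_owner != participant):
        return Decision(False, "resource is owned by another participant")

    return Decision(True, "ok")


# Constructed sample claims, for illustration only.
SAMPLE_CLAIMS = {"participant": "participant-a", "purposes": ["APPS"]}

if __name__ == "__main__":
    print(authorize(SAMPLE_CLAIMS, "PUT", "APPS", "participant-a"))
    print(authorize(SAMPLE_CLAIMS, "DELETE", "APPS", "participant-b"))
    print(authorize(SAMPLE_CLAIMS, "POST", "TRANSACTIONS"))
```
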

Access restricted services

See the documentation of the concrete asset to view its authorization restrictions.