
Register a EuroDaT Client

You need to register a EuroDaT Client before it is able to connect to your EuroDaT instance. If you are the administrator of a EuroDaT instance, you can use the script cluster/scripts/register_client.sh.

The tls.crt corresponding to the client secret is required; see our tutorial on how to generate a client secret.

Registration Script Usage

Run the following command to register a client:

    ./cluster/scripts/register_client.sh \
      --context "$KUBECTL_CONTEXT" \
      --realm "$EURODAT_REALM" \
      --tls-cert-path "$PATH_TO_CLIENT_TLS_CRT" \
      --client-id "$CLIENT_ID" \
      --client-selector "$CLIENT_SELECTOR" \
      --purpose "$PURPOSE"

  • --context: Kubernetes context to use for registration.
  • --realm: The realm you want to register this client for.
  • --tls-cert-path: Path to the client's certificate.
  • --client-id: Unique identifier for the client being registered.
  • --client-selector: The row-based security identifier for the client.
  • --purpose: The purpose of the client (APPS, TRANSACTIONS, SAFEDEPOSITS).

If you want to register a multi-purpose client, you have to repeat --purpose for each purpose. The token will contain all registered purposes.

The required realm depends on the environment you want to register your client for, e.g., eurodat-int for the integration environment.
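
A pre-flight wrapper for the command above, added here as an example and not part of the EuroDaT repository: it checks that the file passed is a certificate rather than a private key, accepts only the three documented purposes, and repeats --purpose once per purpose. The function name register_client and the REGISTER_CMD override are assumptions.

```shell
#!/bin/sh
# Added example, not part of the EuroDaT repository.
# REGISTER_CMD is a hypothetical override (e.g. for a dry run).
REGISTER_CMD="${REGISTER_CMD:-./cluster/scripts/register_client.sh}"

# register_client CONTEXT REALM CERT CLIENT_ID SELECTOR PURPOSE [PURPOSE...]
register_client() {
  if [ "$#" -lt 6 ]; then
    echo "usage: register_client CONTEXT REALM CERT CLIENT_ID SELECTOR PURPOSE..." >&2
    return 2
  fi
  ctx=$1; realm=$2; cert=$3; id=$4; selector=$5
  shift 5

  # Sanity check only (no chain or expiry validation): the file must be
  # a readable PEM certificate.
  if [ ! -r "$cert" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
    echo "error: $cert is not a readable PEM certificate" >&2
    return 1
  fi
  # Registration needs only tls.crt; refuse a bundle that also carries the key.
  if grep -q -e 'PRIVATE KEY-----' "$cert"; then
    echo "error: $cert contains a private key" >&2
    return 1
  fi

  # Accept only the documented purposes; drop duplicates.
  purposes=""
  for p in "$@"; do
    case $p in
      APPS|TRANSACTIONS|SAFEDEPOSITS) ;;
      *) echo "error: unknown purpose '$p'" >&2; return 1 ;;
    esac
    case " $purposes " in *" $p "*) continue ;; esac
    purposes="$purposes $p"
  done

  # Rebuild the argument list with one --purpose flag per purpose.
  set -- --context "$ctx" --realm "$realm" --tls-cert-path "$cert" \
         --client-id "$id" --client-selector "$selector"
  for p in $purposes; do set -- "$@" --purpose "$p"; done
  "$REGISTER_CMD" "$@"
}

# Usage: register_client "$KUBECTL_CONTEXT" eurodat-int ./tls.crt "$CLIENT_ID" "$CLIENT_SELECTOR" APPS TRANSACTIONS
```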

Registration Workflow at EuroDaT

sequenceDiagram
    participant CB as Client Backend
    participant EC as EuroDaT Controller
    participant KC as Keycloak
    CB->>EC: Call registration endpoint<br>with client name and certificate
    alt New client
        EC->>KC: Create client with certificate
    else Client exists
        EC->>KC: Throw error
    end