
Non-personal requests

By default, DABP personal endpoints require an OIDC token and are secured by checking the caller's permissions. A caller is, for example, a CIM/DABP person.

Non-personal request support enables DABP API calls that are not tied to a personal user.

Read endpoints

Endpoints that do not change the application's state are accessible with a valid JWT containing the dedicated scope dabp_read.

Example endpoints:

  • get group
  • get group's policies/resources
  • get person details

Write scope

Endpoints that modify the application's state are accessible with a valid JWT containing the dedicated scope dabp_write.

Example endpoints:

  • add/remove/update subgroup
  • add/remove/update policies
  • add/remove/update resources
  • add/remove/update group member
  • assign/unassign group/member policies/resources/permissions

Configuration

The dedicated read and write scope names are customizable via the following parameters:

  • dum.engine.auth.oidc-read-scope-name
  • dum.engine.auth.oidc-write-scope-name
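The read/write scope split above and the two configuration parameters can be exercised with the following check. This is an added example, not DABP code, and it makes assumptions the page does not state: that the scope claim is an OAuth-style space-separated "scope" string (a list-valued "scp" claim is accepted as well), that the HTTP method decides whether an endpoint is a read endpoint (GET/HEAD/OPTIONS) or a write endpoint (everything else), and that tokens are HS256-signed with a shared secret so the example runs offline. A real OIDC deployment validates the provider's asymmetric signature against its published keys; the decision logic in authorize() is the part that matters here: signature and expiry are checked first, and the configured scope name for the endpoint category must be present, so a dabp_read token is refused on write endpoints.

```python
"""Scope-based authorization for non-personal (machine) callers.

Added example, not DABP code.  Assumptions not stated on the page:
 - scope claim: space-separated "scope" string or list-valued "scp";
 - HTTP method decides read (GET/HEAD/OPTIONS) vs. write endpoints;
 - HS256 with a shared secret (stand-in for real OIDC signature checks).
"""
import base64
import hashlib
import hmac
import json
import time

# Page's parameter names with the page's default scope names as values.
DEFAULT_PROPERTIES = {
    "dum.engine.auth.oidc-read-scope-name": "dabp_read",
    "dum.engine.auth.oidc-write-scope-name": "dabp_write",
}

READ_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})  # assumption


def scope_names(properties: dict) -> tuple:
    """Resolve configured read/write scope names, falling back to defaults."""
    merged = {**DEFAULT_PROPERTIES, **properties}
    return (merged["dum.engine.auth.oidc-read-scope-name"],
            merged["dum.engine.auth.oidc-write-scope-name"])


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT; stands in for the OIDC provider in this demo."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes, now: float) -> dict:
    """Return claims of a correctly signed, unexpired JWT or raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def token_scopes(claims: dict) -> set:
    """Scopes granted by the token, from "scope" (string) or "scp" (list)."""
    raw = claims.get("scope", claims.get("scp", ""))
    return set(raw.split()) if isinstance(raw, str) else set(raw)


def required_scope(method: str, properties: dict) -> str:
    """Map the request's HTTP method to the configured read or write scope."""
    read_scope, write_scope = scope_names(properties)
    return read_scope if method.upper() in READ_METHODS else write_scope


def authorize(token: str, secret: bytes, method: str,
              properties: dict, now: float = None) -> bool:
    """True only for a valid token that carries the scope this endpoint needs."""
    now = time.time() if now is None else now
    try:
        claims = verify_token(token, secret, now)
    except ValueError:
        return False  # unverifiable tokens never reach the scope check
    return required_scope(method, properties) in token_scopes(claims)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    tok = sign_token({"sub": "svc-reporting", "scope": "dabp_read",
                      "exp": time.time() + 300}, secret)
    print("GET  ->", authorize(tok, secret, "GET", {}))   # True
    print("POST ->", authorize(tok, secret, "POST", {}))  # False
```

Passing a properties dict that overrides dum.engine.auth.oidc-write-scope-name shows the configuration effect: a token minted with the default dabp_write scope stops being accepted on write endpoints until it carries the renamed scope, which is what to expect when the parameter is changed on one side of a deployment and not the other.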