By default, DABP personal endpoints require an OIDC token and are secured by checking the permissions of the caller (i.e. a CIM/DABP person).
Non-personal request support enables DABP API calls unrelated to a personal user.
Endpoints that do not change the application's state are accessible with a valid JWT token containing a dedicated read scope.
Example endpoints:

- get group
- get group's policies/resources
- get person details
Endpoints that modify the application's state are accessible with a valid JWT token containing a dedicated write scope.
Example endpoints:

- add/remove/update subgroup
- add/remove/update policies
- add/remove/update resources
- add/remove/update group member
- assign/unassign group/member policies/resources/permissions
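
An added example, not DABP's own code, of how a resource server could enforce the read/write scope split described above for non-personal callers. The scope names `example.dabp.read` and `example.dabp.write`, the `scope`/`scp` claim layout, and the mapping from HTTP method to read or write are assumptions; the claims are assumed to come from a token whose signature and expiry were already validated.

```python
from dataclasses import dataclass

# Assumed placeholder scope names; the real ones are set via deployment parameters.
@dataclass(frozen=True)
class ScopeConfig:
    read_scope: str = "example.dabp.read"
    write_scope: str = "example.dabp.write"

# Assumption: state-changing endpoints are the ones not using these HTTP methods.
SAFE_METHODS = frozenset({"GET", "HEAD"})


def granted_scopes(claims: dict) -> frozenset:
    """Return the exact scope values carried by already-verified JWT claims."""
    raw = claims.get("scope", claims.get("scp", ""))
    if isinstance(raw, str):
        raw = raw.split()            # OAuth 2.0: space-delimited string
    if not isinstance(raw, (list, tuple)):
        return frozenset()           # malformed claim grants nothing
    return frozenset(s for s in raw if isinstance(s, str) and s)


def required_scope(method: str, cfg: ScopeConfig) -> str:
    """Read scope for non-mutating calls, write scope for everything else."""
    return cfg.read_scope if method.upper() in SAFE_METHODS else cfg.write_scope


def authorize(claims: dict, method: str, cfg: ScopeConfig = ScopeConfig()) -> bool:
    """Allow only if the required scope is present as a whole value.

    Set membership avoids the substring pitfall where a check such as
    `"x.read" in scope_string` also accepts "x.readwrite". The write scope is
    not treated as implying read, because the page does not state that it does.
    """
    return required_scope(method, cfg) in granted_scopes(claims)


if __name__ == "__main__":
    # Constructed claims, as they would look after signature/expiry validation.
    reader = {"sub": "svc-report", "scope": "openid example.dabp.read"}
    for m in ("GET", "POST", "DELETE"):
        print(m, authorize(reader, m))
```
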
Dedicated read/write scope names are customizable via parameters: