By default, DABP personal endpoints require an OIDC token and are secured by checking the caller's permissions. The caller is a person, i.e. a CIM/DABP person.
Non-personal request support enables DABP API calls that are not tied to a personal user.
Endpoints that do not change the application's state are accessible with a valid JWT containing the dedicated read scope:
- get group
- get group's policies/resources
- get person details
Endpoints that modify the application's state are accessible with a valid JWT containing the dedicated write scope:
- add/remove/update subgroup
- add/remove/update policies
- add/remove/update resources
- add/remove/update group member
- assign/unassign group/member policies/resources/permissions
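
The read/write split above can be enforced as a deny-by-default scope check on the claims of an already verified token. The sketch below is an added example, not DABP code: the operation names, the `example.read` / `example.write` scope names, the `scope` claim layout, and the choice that the write scope does not imply read access are all assumptions.

```python
# Added illustration; operation and scope names are hypothetical, not DABP's.
from dataclasses import dataclass

READ_OPS = {"get_group", "get_group_policies", "get_group_resources",
            "get_person_details"}
WRITE_OPS = {"update_subgroup", "update_policies", "update_resources",
             "update_group_member", "assign_permissions"}


@dataclass(frozen=True)
class ScopeConfig:
    # Stand-ins for the customizable read/write scope name parameters.
    read_scope: str = "example.read"
    write_scope: str = "example.write"


def granted_scopes(claims: dict) -> set:
    """Return the scopes in verified JWT claims as a set of exact tokens."""
    raw = claims.get("scope", "")
    if isinstance(raw, str):
        return set(raw.split())          # space-delimited string form
    if isinstance(raw, (list, tuple)):
        return {s for s in raw if isinstance(s, str)}   # array form
    return set()                         # unexpected type: grant nothing


def is_allowed(claims: dict, operation: str,
               cfg: ScopeConfig = ScopeConfig()) -> bool:
    """Decide a non-personal request; signature, expiry and audience
    checks are assumed to have been done before this is called."""
    if operation in READ_OPS:
        required = cfg.read_scope
    elif operation in WRITE_OPS:
        # Assumption: write does not imply read; each class needs its own scope.
        required = cfg.write_scope
    else:
        return False                     # unknown operation: deny by default
    # Exact set membership, not substring search, so a scope such as
    # "example.readonly" can never satisfy "example.read".
    return required in granted_scopes(claims)
```
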
Dedicated read/write scope names are customizable via parameters: