This describes how the APIs are secured and how authorization to the API resources works.
The APIs are accessed using application-to-application authentication and authorization. For most services, authorization works by validating the bearer token and then checking the consumer's role. Bearer tokens are explained in API Authentication.
Authorization Roles
Grant Victor provides the following roles for access to the APIs:
User
Super
Admin
User
This is the default role and the role used by almost every consumer of the APIs.
This role allows access to one's own data as defined by the App. Each consumer has an application id.
The app id is verified upon request to ensure that only the consumer's application data is visible and modifiable by the appropriate caller.
Super and Admin
Super and Admin are Grant Victor internal roles for managing the data using the services.
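The role and app id checks described above, sketched as an added example; this is not Grant Victor's own code. It assumes the bearer token has already been validated and yields an app id and a role. The Caller shape, the record store and the rule that Super and Admin may act across applications are assumptions made for illustration.

```python
from dataclasses import dataclass

ROLES = {"User", "Super", "Admin"}    # role names from this page
INTERNAL_ROLES = {"Super", "Admin"}   # assumption: internal roles may act across apps


@dataclass(frozen=True)
class Caller:
    """Claims from an already-validated bearer token (hypothetical shape)."""
    app_id: str
    role: str


class Forbidden(Exception):
    pass


def authorize(caller: Caller, resource_app_id: str) -> None:
    """Raise Forbidden unless the caller may read or modify the resource."""
    # Deny by default: an unrecognized role or an empty app id never passes.
    if caller.role not in ROLES or not caller.app_id:
        raise Forbidden("unknown role or missing app id")
    if caller.role in INTERNAL_ROLES:
        return
    # User role: the resource must belong to the caller's own application.
    if caller.app_id != resource_app_id:
        raise Forbidden("resource belongs to another application")


# Constructed sample data: each record is owned by exactly one app id.
RECORDS = {
    "r1": {"app_id": "app-a", "value": "alpha"},
    "r2": {"app_id": "app-b", "value": "beta"},
}


def get_record(caller: Caller, record_id: str) -> dict:
    record = RECORDS[record_id]
    authorize(caller, record["app_id"])   # ownership check on every lookup
    return record


def list_records(caller: Caller) -> list:
    """Scope by the token's app id, never by an app id sent in the request."""
    visible = []
    for record_id, record in sorted(RECORDS.items()):
        try:
            authorize(caller, record["app_id"])
            visible.append(record_id)
        except Forbidden:
            continue
    return visible
```

The app id used for the comparison comes only from the validated token, so a caller cannot widen its view by supplying a different app id in the path, query or body.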