A Smart API uses claims to control and protect access to its resources:
-
Authorization is based on the claims included with an access token.
-
Claims are name/value pairs based on available claim types from Smart API Manager.
-
Claim types and values are configured for each group that has access to a Smart API.
Claims and claim types
The claims included in an access token typically originate from the <service root>/description document for the Smart API. However, you can add claim types from Smart API Manager.
See Smart APIs and Groups for more information on configuring claims for groups and Smart APIs.