A Smart API uses claims to control and protect access to its resources:
Authorization is based on the claims included with an access token.
Claims are name/value pairs based on available claim types from Smart API Manager.
Claim types and values are configured for each group that has access to a Smart API.
Claims and claim types
The claims included in an access token typically originate from the <service root>/description document for the Smart API. However, you can add claim types from Smart API Manager.