keycloak-scim/topics/service/protection/protection-api.adoc

15 lines
731 B
Text
Raw Normal View History

2016-11-29 15:30:53 +00:00
[[_service_protection_api]]
== Protection API
2016-06-05 22:17:31 +00:00
The Protection API provides a UMA-compliant set of endpoints providing:
* *Resource Registration*
+
2016-11-29 15:30:53 +00:00
With this endpoint, resource servers can manage their resources remotely and enable <<fake/../../../enforcer/overview.adoc#_enforcer_overview, policy enforcers>> to query the server for the resources that need protection.
* *Permission Registration*
+
In the UMA protocol, resource servers access this endpoint, which issues permission tickets.
An important requirement for this API is that _only_ resource servers are allowed to access its endpoints using a special OAuth2 access token called a protection API token (PAT).
In UMA, a PAT is a token with the scope *uma_protection*.