keycloak-scim/authorization_services/topics/service-protection-protection-api.adoc

[[_service_protection_api]]
= Protection API

The Protection API provides a UMA-compliant set of endpoints providing:

* *Resource Management*
+
With this endpoint, resource servers can manage their resources remotely and enable <<_enforcer_overview, policy enforcers>> to query the server for the resources that need protection.

* *Permission Management*
+
In the UMA protocol, resource servers access this endpoint to create permission tickets. {project_name} also provides
endpoints to manage the state of permissions and query permissions.

* *Policy API*
+
{project_name} leverages the UMA Protection API to allow resource servers to manage permissions for their users. In addition
to the Resource and Permission APIs, {project_name} provides a Policy API from where permissions can be set to resources by resource
servers on behalf of their users.

An important requirement for this API is that _only_ resource servers are allowed to access its endpoints using a special OAuth2 access token called a protection API token (PAT).
In UMA, a PAT is a token with the scope *uma_protection*.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_service_protection_api]]`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`= Protection API`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
More doc 2016-06-05 22:17:31 +00:00			`The Protection API provides a UMA-compliant set of endpoints providing:`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
[KEYCLOAK-3169] - UMA 2.0 related changes (#325) * [KEYCLOAK-3169] - Updating authz services doc * [KEYCLOAK-3169] - Section about changes to user account service * [KEYCLOAK-3169] - Removing UMA 1.0 references * [KEYCLOAK-3169] - RH-SSO images * [KEYCLOAK-3169] - Updating Keycloak images * [KEYCLOAK-3169] - Review * [KEYCLOAK-3169] - Review 2018-02-28 07:53:43 +00:00			`* Resource Management`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00			`+`
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`With this endpoint, resource servers can manage their resources remotely and enable <<_enforcer_overview, policy enforcers>> to query the server for the resources that need protection.`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
[KEYCLOAK-3169] - UMA 2.0 related changes (#325) * [KEYCLOAK-3169] - Updating authz services doc * [KEYCLOAK-3169] - Section about changes to user account service * [KEYCLOAK-3169] - Removing UMA 1.0 references * [KEYCLOAK-3169] - RH-SSO images * [KEYCLOAK-3169] - Updating Keycloak images * [KEYCLOAK-3169] - Review * [KEYCLOAK-3169] - Review 2018-02-28 07:53:43 +00:00			`* Permission Management`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00			`+`
[KEYCLOAK-3169] - UMA 2.0 related changes (#325) * [KEYCLOAK-3169] - Updating authz services doc * [KEYCLOAK-3169] - Section about changes to user account service * [KEYCLOAK-3169] - Removing UMA 1.0 references * [KEYCLOAK-3169] - RH-SSO images * [KEYCLOAK-3169] - Updating Keycloak images * [KEYCLOAK-3169] - Review * [KEYCLOAK-3169] - Review 2018-02-28 07:53:43 +00:00			`In the UMA protocol, resource servers access this endpoint to create permission tickets. {project_name} also provides`
			`endpoints to manage the state of permissions and query permissions.`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
[KEYCLOAK-7552] - Documentation for new Policy API 2018-06-12 17:23:53 +00:00			`* Policy API`
			`+`
			`{project_name} leverages the UMA Protection API to allow resource servers to manage permissions for their users. In addition`
			`to the Resource and Permission APIs, {project_name} provides a Policy API from where permissions can be set to resources by resource`
			`servers on behalf of their users.`

General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`An important requirement for this API is that _only_ resource servers are allowed to access its endpoints using a special OAuth2 access token called a protection API token (PAT).`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`In UMA, a PAT is a token with the scope uma_protection.`