keycloak-scim/topics/service/protection/protection-api.adoc

== Protection API

The Protection API provides a UMA-compliant set of endpoints providing:

* *Resource Registration*
+
From this endpoint resource servers can manage their resources remotely and enable link::../../../../enforcer/overview.adoc[Policy Enforcers] to query the server for the resources that need protection.

* *Permission Registation*
+
When using UMA protocol, resource servers can access this endpoint to issue permission tickets.

An important requirement for this API is that _only_ resource servers are supposed to access its endpoints using a special OAuth2 access token called *Protection API Token* or *PAT*.
In UMA, a PAT is just a token with a scope *uma_protection*.
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00			`== Protection API`

More doc 2016-06-05 22:17:31 +00:00			`The Protection API provides a UMA-compliant set of endpoints providing:`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
			`* Resource Registration`
			`+`
Fixes based on Stian feedback. 2016-07-26 21:34:49 +00:00			`From this endpoint resource servers can manage their resources remotely and enable link::../../../../enforcer/overview.adoc[Policy Enforcers] to query the server for the resources that need protection.`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
			`* Permission Registation`
			`+`
More doc 2016-06-05 22:17:31 +00:00			`When using UMA protocol, resource servers can access this endpoint to issue permission tickets.`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
More doc 2016-06-05 22:17:31 +00:00			`An important requirement for this API is that _only_ resource servers are supposed to access its endpoints using a special OAuth2 access token called Protection API Token or PAT.`
			`In UMA, a PAT is just a token with a scope uma_protection.`