2016-05-31 20:36:14 +00:00
|
|
|
== Entitlements API
|
|
|
|
|
|
2016-06-05 22:17:31 +00:00
|
|
|
The *Entitlement API* provides a 1-legged protocol for obtaining authorization data from the server, where the authorization data
|
|
|
|
|
represents the result of the evaluation of all permissions and authorization policies associated with the resources being requested.
|
2016-05-31 20:36:14 +00:00
|
|
|
|
2016-06-05 22:17:31 +00:00
|
|
|
Unlink the_Authorization API, the Entitlement API is not UMA-compliant and don't require permission tickets.
|
2016-05-31 20:36:14 +00:00
|
|
|
|
2016-06-05 22:17:31 +00:00
|
|
|
The purpose of this API is provide a more lightweight API for obtaining authorization data, where the client in possession of a valid
|
|
|
|
|
OAuth2 Access Token is able to obtain the necessary authorization data on behalf of their users.
|
2016-05-31 20:36:14 +00:00
|
|
|
|
2016-06-05 22:17:31 +00:00
|
|
|
Any client application can access the Entitlement API endpoint, which requires a special OAuth2 access token called *Entitlement API Token* or *EAT*.
|
2016-05-31 20:36:14 +00:00
|
|
|
|
