keycloak-scim/topics/service/protection/protection-api.adoc

14 lines
No EOL
681 B
Text
Executable file

== Protection API
The Protection API provides a UMA-compliant set of endpoints providing:
* *Resource Registration*
+
From this endpoint resource servers can manage their resources remotely and enable link::/enforcer/overview.adoc[Policy Enforcers] to query the server for the resources that need protection.
* *Permission Registation*
+
When using UMA protocol, resource servers can access this endpoint to issue permission tickets.
An important requirement for this API is that _only_ resource servers are supposed to access its endpoints using a special OAuth2 access token called *Protection API Token* or *PAT*.
In UMA, a PAT is just a token with a scope *uma_protection*.