Customer Access
Authentication Methods
To use an API, it is necessary to exchange the required authenticators between Provider and Customer. The Developer Portal supports authentication methods for this purpose, which can be stored when creating an API. If a product is added to an App, information is requested or provided by the Customer during the activation request in accordance with the stored authentication methods.
Available Authentication Methods in the Developer Portal:
Authentication Methods | Description |
---|---|
Access Token | The Developer Portal creates access tokens and generates the corresponding access token hashes. The access token is made available to the Customer, and the access token hash to the Provider. The Customer uses the access token to authenticate to the API provided by the Provider. The Provider checks the authenticity of the access using the access token presented by the Customer, the stored hash method and the access token hash. |
Manual Handover | If the “Manual Handover” authentication method is selected, no handover method of the authenticator is stored in the API. This means that the exchange of authentication information is regulated individually between Provider and Customer. |
Manual Handover is defined as the default for each API.
Management of an Authentication Method
If the means of authentication is assigned to an API, an access key (authenticator) with the Provider's currently stored authentication method is created for the App as part of an activation request.
The Provider must activate this access token.
Status of an access token
Status | Description |
---|---|
activation-requested | Customer has created an access or access token and requests its activation from the Provider. |
active | Provider has activated the access or access token. |
deactivation-requested | Customer requests the Provider to block the access or access token. |
inactive | Provider has blocked access or the access token in its system. |
App Access Status
The App access status shows your organization whether an App can be accessed in general (all products of the App). If the general access of the App is set to “red” by the Provider, the responsible person at the Customer receives a notification including a description of why access is blocked.
Provider action: An admin of a Provider can set the App access status to “red” via GUI or API. This means that the Provider has blocked access to all services in the App.
The App access status does not affect the means of authentication stored in the App. The means of authentication are therefore independent of the general access block (App access status) of the App. The access status of each individual means of authentication remains unaffected.
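The following Provider-side check is an added example, not code from the Developer Portal. It shows the token hash comparison, the access token status and the App access status as three separate checks. The `TokenRecord` structure, the function names and the use of SHA-256 as the stored hash method are assumptions; the page does not name the available hash methods.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class TokenRecord:        # hypothetical Provider-side record for one access token
    hash_method: str      # assumed to be a hashlib algorithm name, e.g. "sha256"
    token_hash: str       # hex digest the Provider received from the portal
    status: str           # one of the four access token statuses


def hash_token(token: str, hash_method: str) -> str:
    return hashlib.new(hash_method, token.encode("utf-8")).hexdigest()


def check_access(presented: str, record: TokenRecord, app_access_blocked: bool):
    """Return (allowed, reason) for one API request."""
    digest = hash_token(presented, record.hash_method)
    # Constant-time comparison avoids leaking how many leading characters match.
    if not hmac.compare_digest(digest, record.token_hash):
        return False, "unknown token"
    # Conservative assumption: only "active" grants access, so a token in
    # "deactivation-requested" is already refused.
    if record.status != "active":
        return False, f"token status is {record.status}"
    # The App-level block is checked separately and never rewrites record.status.
    if app_access_blocked:
        return False, "app access status is red"
    return True, "ok"


def demo():
    token = secrets.token_urlsafe(32)  # constructed sample token
    rec = TokenRecord("sha256", hash_token(token, "sha256"), "activation-requested")
    results = [check_access(token, rec, False)]          # not yet activated
    rec.status = "active"                                # Provider activates it
    results.append(check_access(token, rec, False))      # allowed
    results.append(check_access(token + "x", rec, False))  # wrong token
    results.append(check_access(token, rec, True))       # App set to "red"
    results.append((rec.status == "active", "token status unchanged by app block"))
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```
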