Product Entitlement Customer Experience API

This API uses the following security mechanisms.

Security schemes

OAuth 2.0 B2C token

A client application must present an OAuth 2.0 access token from Arm's customer-facing identity provider, Azure B2C.
Please see the OAuth 2.0 documentation for more details. This token may require certain scopes to be contained in the token before the API will allow the request; please see the API reference for further details.

Client ID and Secret (custom HTTP headers)

This method tends to be used for system-level access, commonly used on System APIs. It should only be used on older
APIs. Newer APIs will use standard Basic authentication headers.

Access is granted as follows:

1. In the developer portal, select 'Request Access'
2. Create an Application, this will generate a Client ID and Secret key. Please do not re-use Application credentials for different purposes.
3. Your request will typically be queued for approval by the platform administrators. Access would typically need to be assessed and consent of the back-end system owners given before being approved.
4. Send the Client ID and Secret in the API request in the HTTP headers (client_id/client_secret).

Network availabiliity

Intranet

The API is accessibly only to the internal Arm network.