indeavor-schedules-api
Security and API Policies
The API is secured using the Client ID Enforcement Policy
As part of this policy, the consumer of the API is required to pass the Client-ID/Secret generated by the platform while requesting access to the API within the header or as part of basic authorization during the API call.
Security Protocol:
| Protocol Name | Type | Summary | Category |
|---|---|---|---|
| TLS | One Way | In one way SSL, the client always verifies the server certificates, and the server does not verify any client certificates | Security - Transport Level Encryption |
Client ID Enforcement Policy:
The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered client applications. The policy ensures that the client credentials sent on each request have been approved to consume the API.
When a client application is registered in Any point Platform, a pair of credentials consisting of a client ID and client secret is generated. When the client application requests access to an API, a contract is created between the application and that API. An API that is protected with a Client ID Enforcement policy is accessible only to applications that have an approved contract.
Policy Overview:
| Policy Name | Summary | Category | Returned Status Codes |
|---|---|---|---|
| Client ID Enforcement | Allow access only to authorized client applications | Compliance | Success -200 (Return expected output client application) Failed-401 (Unauthorized or invalid client application credentials) |
Request to contain below 2 elements in header.
client_id : <<>>
client_secret: <<>>