The Authorisation API is a core EBSI service responsible for issuing Short-Term Access Tokens as JSON Web Signatures (JWS) to Natural Persons, Legal Entities and Trusted Applications (including both EBSI and third-party applications). These tokens are issued in exchange for presenting a valid long-term EBSI Verifiable Authorisation credential along with successful authentication or identification. Access tokens are required for entities and applications to gain access to the protected resources within EBSI.
Users can obtain access tokens by presenting a valid EBSI Verifiable Authorisation credential and proving ownership of their decentralised identifier (DID).
Trusted Applications receive access tokens if they meet the following criteria:
- They are registered in the Trusted Apps Registry (which includes listing of public keys).
- They have authorisation to access the requested protected resources.
- They successfully prove ownership of their private key through the Authenticated Key Exchange cyrptographic identification protocol.