Welcome to the Smart ID Digital Access Extension Programming Interface for Web Services.
Before most of the XPI:WS services can be used the caller must be authenticated. The entity being authenticated is represented by a subject which holds necessary credentials. Once authenticated the subject will be populated with security identities, i.e. principals. The subject is then passed along and its principals will be verified on each subsequent call. Depending on the authentication configuration it may be necessary to authenticate using more than one method.
The authorization services are used by an application to verify access to resources for a subject. The access decision depends on how the access rules for the resource are configured. For example, the rules may contain limitation based on a time schedule, certain IP addresses or multiple authentication methods. Also, an authorization request may be used for on-demand authentication, i.e. it will ask for additional authentication if the subject does not have the appropriate authentication level.
The single sign-on service manages the SSO user credentials. It currently operates only on the user for which the subject represents, i.e. to manage a user's SSO credentials you must be authenticated as the user and the user must belong to the SSO domain being managed.
The user account services are used to manipulate accounts within Smart ID Digital Access. A subject with account administrator privileges is required to use these services.
Session services can be used to retrieve information associated with a session identity, such as the current user ID.
Copyright © 1999-2023, Technology Nexus Secured Business Solutions AB. All rights reserved.