Archived 2023.09.09. Please refer to Consumer Data Standards, Data Holder Brand services
Question
The article URI Structures describes four different types of end URIs:
- Unauthenticated Resource URL
- Authenticated Resource URL
- Unauthenticated security profile URL
- Authenticated security profile URL
How are these URLs represented in the CDR Register GetDataHolderBrands API response, specifically the RegisterDataHolderBrandServiceEndpoint structure?
"endpointDetail": { "version": "string", "publicBaseUri": "string", "resourceBaseUri": "string", "infosecBaseUri": "string", "extensionBaseUri": "string", "websiteUri": "string" }, "authDetails": [ { "registerUType": "SIGNED-JWT", "jwksEndpoint": "string" }
],
Answer
The GetDataHolderBrands API response fields are used as follows:
publicBaseUri
: the base path for all the public resource APIs (Unauthenticated Resource URLs) including Get Products, Get Status and Get Outages.resourceBaseUri
: the base path for all protected CDR data APIs (Authenticated Resource URLs) such as Get Accounts, Get Customer, Get Transaction Detail etc.infosecBaseUri
: the base path for all InfoSec URLs (Unauthenticated Security Profile URLs and Authenticated Security Profile URLs)
Question
Does that mean infosecBaseUri
serves as base-path for both public (TLS) and private (mTLS) URLs?
Public (TLS) URLs:
- OpenID Provider Configuration End Point
- Authorisation End Point
- ...
Private (mTLS) URLs:
- Token End Point
- UserInfo End Point
- ...
Answer
Using infosecBaseUri
as the base of both authenticated and unauthenticated URLs is the common expectation. However infosecBaseUri
is used primarily to allow ADRs to locate the OpenID Connect Metadata endpoint. The metadata response from this endpoint contains the URLs of each of the various info sec endpoints. Consequently the URL for each of these is at the discretion of the DH (Data Holder).
Comments
0 comments
Please sign in to leave a comment.