Question

The Get Customer API does not require customer ID to be passed as a parameter.  How will this API be authenticated?

Answer

The customer has authenticated with their Data Holder (DH) and authorised the consent sharing to the Accredited Data Recipient (ADR). The customer context is the consumer who authenticated and is represented by the access token provided by the ADR to the API endpoint.

APIs that require authorization or authentication receive an access token in the Authorization header. The access token does not appear in the API parameters. The customer ID can be determined from the access token. 

See:

• CDS Security Profile