Question
The customer ID is not required to be present in the resource path for calls to endpoints Get Customer and Get Customer Detail. Is that correct?
Answer
That is correct, the customer resources, Get Customer and Get Customer Detail, do not require the customer identifier to be present in the resource path.
This is because the customer context is derived from the active customer consent, which is represented by the access token the ADR uses to call the associated endpoints.
The ADR does not need to provide the customer ID in a header. The Data Holder must check the sub claim associated with the access token provided. The sub claim is the pairwise pseudonymous identifier acting as the customer reference. See CDS Scopes and Claims for more details.
Question
Is the access token passed as a bearer token in the Authorisation header?
Answer
That is correct, the customer ID is presented as a bearer token.
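The Data Holder-side check described in the two answers above, as an added example that is not part of the original answers or of the Consumer Data Standards: the handler takes the bearer token from the Authorization header, resolves the customer only from the token's sub claim, and never reads a caller-supplied customer ID. The in-memory introspection table, the customer mapping, the `x-customer-id` header used in the test, and the 401/403 choices are assumptions made for illustration.

```python
# Constructed stand-in for token introspection results (opaque token -> claims).
INTROSPECTION = {
    "tok-active": {"active": True, "sub": "ppid-7f3a91",
                   "scope": "openid common:customer.basic:read"},
    "tok-revoked": {"active": False, "sub": "ppid-7f3a91",
                    "scope": "openid common:customer.basic:read"},
}
# Constructed mapping from the pairwise pseudonymous sub to an internal record.
CUSTOMERS_BY_SUB = {"ppid-7f3a91": {"internalCustomer": "C-1001"}}


def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', or None."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or " " in token:
        return None
    return token


def get_customer(headers, required_scope="common:customer.basic:read"):
    """Handle a Get Customer call; returns (status, body)."""
    token = bearer_token(headers)
    claims = INTROSPECTION.get(token) if token else None
    if not claims or not claims.get("active"):
        return 401, None  # missing, malformed, unknown or inactive token
    if required_scope not in claims.get("scope", "").split():
        return 403, None  # consent does not cover this resource
    # Customer context comes only from the sub claim bound to the token.
    # No header, path segment or query parameter is consulted for identity.
    customer = CUSTOMERS_BY_SUB.get(claims["sub"])
    if customer is None:
        return 403, None  # example choice for a sub with no mapped customer
    return 200, customer
```

Because identity is bound to the token, a caller that adds or alters a customer identifier in the request gets the same record as one that sends none.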