definitions:
  SubscriptionAuthentication:
    description: >
      If an API consumer requires the API producer to authorize for sending notifications to that API consumer,
      it shall include in the subscription request data according to the following structure.
    type: object
    required:
      - authType
    properties:
      authType:
        description: >
          Defines the type of Authentication/Authorization to use when sending a notification.
          Permitted values:
          * BASIC
            * In every POST request that sends a notification, use HTTP Basic authentication with
              the client credentials.
            * The API producer shall pass its client credentials in every POST request that sends a
              notification, as defined in IETF RFC 7617.
            * NOTE: The clientId and clientPassword passed in a subscription shall not be the same as the
              clientId and clientPassword that are used to obtain authorization for API requests.
              Client credentials may differ between subscriptions. The value of clientPassword should be
              generated by a random process.
          * OAUTH2_CLIENT_CREDENTIALS
            * In every POST request that sends a notification, use an
              OAuth 2.0 Bearer token, obtained using the client credentials grant type.
            * The API producer shall, prior to sending any notification, obtain an access token from
              the token endpoint using the OAuth 2.0 client credentials grant type as defined in
              IETF RFC 6749. The API consumer should include expiry information with the token response.
            * The API producer shall include that access token as a Bearer token in every POST request
              that sends a notification (according to IETF RFC 6750).
            * If the access token is expired, the API consumer shall reject the notification. In that case,
              the API producer shall obtain a new access token, and repeat sending the notification.
            * If the token expiry time is known to the API producer, it may obtain proactively a new access token.
        type: string
        enum:
          - BASIC
          - OAUTH2_CLIENT_CREDENTIALS
      paramsBasic:
        description: >
          Parameters for authentication/authorization using BASIC. Shall be present if authType is "BASIC" and
          the contained information has not been provisioned out of band. Shall be absent otherwise.
        type: object
        properties:
          userName:
            description: >
              Username to be used in HTTP Basic authentication. Shall be present if it has not been provisioned
              out of band.
            type: string
          password:
            description: >
              Password to be used in HTTP Basic authentication. Shall be present if it has not been provisioned
              out of band.
            type: string
      paramsOauth2ClientCredentials:
        description: >
          Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS. Shall be present if
          authType is "OAUTH2_CLIENT_CREDENTIALS" and the contained information has not been provisioned
          out of band. Shall be absent otherwise.
        type: object
        properties:
          clientId:
            description: >
              Client identifier to be used in the access token request of the OAuth 2.0 client credentials
              grant type. Shall be present if it has not been provisioned out of band. See NOTE.
            type: string
          clientPassword:
            description: >
              Client password to be used in the access token request of the OAuth 2.0 client credentials
              grant type. Shall be present if it has not been provisioned out of band. See NOTE.
            type: string
          tokenEndpoint:
            description: >
              The token endpoint from which the access token can be obtained. Shall be present if it has
              not been provisioned out of band.
            type: string
            format: URI
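
The "shall be absent otherwise" rules and the NOTE on credential reuse are stated only in the descriptions above, so a schema validator will not enforce them. The following is an added example, not part of the original definition file, of a check an API producer could run on an incoming subscription. The function name, its `api_client_id` / `api_client_password` parameters and the https requirement on `tokenEndpoint` are assumptions of this example.

```python
import hmac
from urllib.parse import urlsplit

# authType value -> name of its parameter object in the schema above
AUTH_PARAMS = {
    "BASIC": "paramsBasic",
    "OAUTH2_CLIENT_CREDENTIALS": "paramsOauth2ClientCredentials",
}

def _same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(a.encode(), b.encode())

def check_subscription_auth(auth, api_client_id, api_client_password):
    """Return the list of rule violations in one SubscriptionAuthentication dict."""
    auth_type = auth.get("authType")
    if auth_type not in AUTH_PARAMS:
        return ["authType is required and must be one of %s" % sorted(AUTH_PARAMS)]
    errors = []
    # "Shall be absent otherwise": the other authType's params must not appear.
    for kind, key in AUTH_PARAMS.items():
        if kind != auth_type and key in auth:
            errors.append("%s shall be absent when authType is %s" % (key, auth_type))
    # The matching params object may be missing if provisioned out of band.
    params = auth.get(AUTH_PARAMS[auth_type]) or {}
    if auth_type == "BASIC":
        # RFC 7617: a user-id containing a colon cannot be encoded.
        if ":" in params.get("userName", ""):
            errors.append("userName must not contain ':' (RFC 7617)")
        return errors
    cid, pw = params.get("clientId"), params.get("clientPassword")
    # NOTE: subscription credentials shall differ from the API request credentials.
    if (cid is not None and pw is not None
            and _same(cid, api_client_id) and _same(pw, api_client_password)):
        errors.append("clientId/clientPassword reuse the API request credentials")
    endpoint = params.get("tokenEndpoint")
    if endpoint is not None:
        parts = urlsplit(endpoint)
        if not (parts.scheme and parts.netloc):
            errors.append("tokenEndpoint is not an absolute URI")
        elif parts.scheme != "https":  # assumption of this example, not a schema rule
            errors.append("tokenEndpoint should use https")
    return errors

# Constructed sample: wrong params object present, API credentials reused, plain http.
BAD_SAMPLE = {
    "authType": "OAUTH2_CLIENT_CREDENTIALS",
    "paramsBasic": {"userName": "u", "password": "p"},
    "paramsOauth2ClientCredentials": {"clientId": "api-client", "clientPassword": "api-secret",
                                      "tokenEndpoint": "http://consumer.example/token"},
}
```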