Generic iSHARE API specifications API Reference

These are the generic API specifications of iSHARE Scheme v1.10, as released in Q2 2019.

These specifications describe the standardised identification, authentication and authorization mechanisms to be implemented by iSHARE participants. Depending on the role your organisation fulfils within the iSHARE Scheme, you need to provide an iSHARE API according to the specifications below.

It is essential to understand that this page describes the generic API specifications for participants. The endpoints described are not actual functioning endpoints. For example, any Service Provider in iSHARE needs to implement the API endpoints as described in the Service Provider section, but his exact endpoints may vary. The /capabilities endpoint, which is required for every participant that provides services, displays the actual endpoints exposed under iSHARE of such a party.

API Endpoints base URL
https://so.ishareworks.org
Request Content-Types: application/json, application/x-www-form-urlencoded
Schemes: https
Version: 1.10

any iSHARE party

endpoints to be implemented by any iSHARE party

Retrieves iSHARE capabilities

GET /any_ishare_party/capabilities

Retrieves the iSHARE capabilities (supported versions & optional features) of the iSHARE party. Server response is an iSHARE signed JSON Web Token. Please refer to the models ‘jwt_header’ and ‘jwt_payload_capabilities’ which indicate what the decoded response will look like.

The capabilities endpoint should only return the public endpoints if no access token is provided. If an access token is provided, the capabilities endpoint will also provide the restricted endpoints. The capabilities and token endpoint MUST be public endpoints. It is up to parties themselves whether or not they restrict other endpoints.

A party may also have private endpoints, which are endpoints for their own internal organization. These endpoints should only be acccessible with a private access token, and are not within the scope of iSHARE.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

Request Example (In Header, use of Access Token is optional)
{
  "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw"
}
capabilities_token

string

Response Example (200 OK, from Scheme Owner)
{
  "capabilities_token":"eyJ4NWMiOlsiTUlJSTZEQ0NCdENnQXdJQkFnSVVLVm1hcWhmSEE2NGJ3dElWSGplRkUrUlVWdm93RFFZSktvWklodmNOQVFFTEJRQXdnWUl4Q3pBSkJnTlZCQVlUQWs1TU1TQXdIZ1lEVlFRS0RCZFJkVzlXWVdScGN5QlVjblZ6ZEd4cGJtc2dRaTVXTGpFWE1CVUdBMVVFWVF3T1RsUlNUa3d0TXpBeU16YzBOVGt4T0RBMkJnTlZCQU1NTDFGMWIxWmhaR2x6SUZCTFNXOTJaWEpvWldsa0lFOXlaMkZ1YVhOaGRHbGxJRk5sY25abGNpQkRRU0F0SUVjek1CNFhEVEU1TURNd05EQTRNakkxTkZvWERUSXhNRE13TkRBNE16SXdNRm93Z1p3eEhUQWJCZ05WQkFVVEZEQXdNREF3TURBek56TXdOVGd5T0Rrd01EQXdNUXN3Q1FZRFZRUUdFd0pPVERFV01CUUdBMVVFQ0F3TlRtOXZjbVF0U0c5c2JHRnVaREVTTUJBR0ExVUVCd3dKUVcxemRHVnlaR0Z0TVNRd0lnWURWUVFLREJ0VGRHbGphSFJwYm1jZ2FWTklRVkpGSUVadmRXNWtZWFJwYjI0eEhEQWFCZ05WQkFNTUUzZDNkeTVwYzJoaGNtVjNiM0pyY3k1dmNtY3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETzI5SzY3ZkkrL1FJbFdGemNNa09qUWF2QUxzR2dxcHQyaytYM1hWOWVWM0JLeFB4QXVRbWpDNkVON2xFWktoMTdnMGcyejVVT3lRaFBwQ0JBaHhKbVUyeFdWajlhVWh6OW8ySWh5dUVRSk5XNTlmWmlVQW1DWW5OMWV6NkR0VjhSZ3JlWktIM1FTNGowT2xpdWtnVlo2NldidkQ3QlpiNVVGSjEvUXZnbXcyc0VJV0VlSHFGMzF5WHhsellUdW54TFFjM1pxRVdFOUVwWnNROCtYbVVvMGlaQm9WWnBEVE92cXZDdWd2QjB2QXdFd2IvdHJmQlR0M2xwVjU5ZzVtL1JqeWhOcmVpR0h4Y2lvRGkzeGxObnc1end1YXRzWTJsRStHM1hpSFhJN2tMOEprckUrOCtTWkhId1Y3aC8weXVrbWtsM2dWTVNDeFZpWHp1T0xZSFpBZ01CQUFHamdnUTRNSUlFTkRBZkJnTlZIU01FR0RBV2dCUzM2ZERwLzJjTzJad01CeTZYMUg1TGVYajBJREI3QmdnckJnRUZCUWNCQVFSdk1HMHdQQVlJS3dZQkJRVUhNQUtHTUdoMGRIQTZMeTkwY25WemRDNXhkVzkyWVdScGMyZHNiMkpoYkM1amIyMHZjR3RwYjNObGNuWmxjbWN6TG1OeWREQXRCZ2dyQmdFRkJRY3dBWVloYUhSMGNEb3ZMM05zTG05amMzQXVjWFZ2ZG1Ga2FYTm5iRzlpWVd3dVkyOXRNRU1HQTFVZEVRUThNRHFDRTNkM2R5NXBjMmhoY21WM2IzSnJjeTV2Y21lQ0VuTnZMbWx6YUdGeVpYZHZjbXR6TG05eVo0SVBhWE5vWVhKbGQyOXlhM011YjNKbk1JSUJPZ1lEVlIwZ0JJSUJNVENDQVMwd2dnRWZCZ3BnaEJBQmgyc0JBZ1VHTUlJQkR6QTBCZ2dyQmdFRkJRY0NBUllvYUhSMGNEb3ZMM2QzZHk1eGRXOTJZV1JwYzJkc2IySmhiQzVqYjIwdmNtVndiM05wZEc5eWVUQ0IxZ1lJS3dZQkJRVUhBZ0l3Z2NrTWdjWlNaV3hwWVc1alpTQnZiaUIwYUdseklHTmxjblJwWm1sallYUmxJR0o1SUdGdWVTQndZWEowZVNCaGMzTjFiV1Z6SUdGalkyVndkR0Z1WTJVZ2IyWWdkR2hsSUhKbGJHVjJZVzUwSUZGMWIxWmhaR2x6SUVObGNuUnBabWxqWVhScGIyNGdVSEpoWTNScFkyVWdVM1JoZEdWdFpXNTBJR0Z1WkNCdmRHaGxjaUJrYjJOMWJXVnVkSE1nYVc0Z2RHaGxJRkYxYjFaaFpHbHpJSEpsY0c5emFYUnZjbmtnS0doMGRIQTZMeTkzZDNjdWNYVnZkbUZrYVhObmJHOWlZV3d1WTI5dEtTNHdDQVlHWjRFTUFRSUNNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBL0JnTlZIUjhFT0RBMk1EU2dNcUF3aGk1b2RIUndPaTh2WTNKc0xuRjFiM1poWkdseloyeHZZbUZzTG1OdmJTOXdhMmx2YzJWeWRtVnlaek11WTNKc01CMEdBMVVkRGdRV0JCUlQ0c0xrY1lpdzNUblpWMHJCL1h0NVJIV1JHekFPQmdOVkhROEJBZjhFQkFNQ0JhQXdnZ0dBQmdvckJnRUVBZFo1QWdRQ0JJSUJjQVNDQVd3QmFnQjNBRzlUZHF3eDhERVoySmtBcEZFVi8zY1ZIQkhaQXNFQUtRYU5zZ2lhTjlrVEFBQUJhVWZWbkJVQUFBUURBRWd3UmdJaEFMSGlreW8wdkhUSnU1TXdua0RaWXkyTm9LSGlMZFgwMnV5dXZ1UVIvTWIzQWlFQTdsUVcrbDl3VUhzRGFxaXBCTGNGVXRCRnZPMm54d3VnazdBWnlIMzVCMDBBZHdEdVM3MjNkYzVndXVGQ2FSK3I0WjVtb3c5K1g3QnkySU1BeEh1SmVxajl5d0FBQVdsSDFacXlBQUFFQXdCSU1FWUNJUUNYYnpaOStHYzUwVXVVVTlCT1FSaE90NXEvS3oxU1FKK0xDUi9yUzBwYld3SWhBSXdXbCtDbE52U05nSGFsUWNhYkh4YTVCc0hUUDAvZmQ5VHA0SmY5OWVQeUFIWUFWWUhVd2hhUU5nRks2Z3ViVnp4VDhNRGtPSGh3SlFnWEw2T3FIUWNUMHd3QUFBRnBSOVdhK0FBQUJBTUFSekJGQWlFQStJeXR1U3l6S0puU2lVZXVCbG1VbkQwV3c0eFE2UWF3M3JheEVzUm9ITW9DSUJ3RlRRS0hZSUk1VXViTlZ4Vk8zN3FaZTJaZmY5Z1luMDllaW5Zb1dvNXdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNUWklTK1B0bFFBS2l4WVo0c3h6YWZIQmFCdldsUlJVdTJaRWxHVFVmWmVQOFp0Q3lyOFJkaVNGZ0x5RlB5WXJ6Q2lUQW9SNFg1ZXFrRUhtbUUwN1pZdmVPTWhmaGoxS2thaVJ4d3l6VlFUeTQzaEZlSGQrMFdDODFnT1dVT3dlWnYyUE5BclYyUVByT2hEKzMxTTV6WEY0UzNCcFVRdXRBYUlScGZtazRYNkxFNk5iM3lUendaVzRtYVFkV1dZZlhEc3ozSUlNSm5xS2xtRTJWV0JrNGhGeW5HN0pySUYwc2NZMnNWN0djbHJ6NFlqcERnMXhzVndhcHpMdnVjNW1HcHVjeGhIaEJwLzI2d2Z3dVVGSDVKdThOVlFVYzcyL2xCYkNSZEVPVFQ5eTdTUWdDVXFEa0dsYnNsc0Qzc1JsMWd4NTNhQ0JCWG9WTVdWdHpaaEd0WkVZdTNtNWtQV1dpQkNZY3BtVFdWTFZ1dnRCUHRWZ1VXNEJtU3FkSUZRbWpjMmZvaG05aXJKNmRiemU5V2t6N3NDMG9KbHJ3Y1ltZE5IeG5kTHd6eWdPbWFKeXNyRzVTZHNlcHE5TTNtdHYzdHBLOFp4OGd1N1VSODI4L2FvRTlZeXNXMThrZWNVRjBybytBZEZhb1crWEhsQmJzQXdVSXBsZ1VqK1lySW01MElnSzlFcUtHMzk0eEUvUmk3ODkyOVNHYzJtT2FsenRUYmp5UGoyYmJ2UEpTempHTGU3R0d2cGd0UFFDYjE0N1oyZ2JjT0ZSU1hySU5JUlpCOG5LY1JueHJmQmpYTFRxV1pQSVZCR0tXb1REeU1qM1ltVWdUVlI0M3JmcHkwOEpyRFU1MmMwbWtlWFQ5WW84OGNnd2pudFBzQ2lkR29JTUFwMHdLa2RpMjV2QT09Il0sImFsZyI6IlJTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAwIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImp0aSI6ImRkNjMxMGU5YmIwMTRmMTQ4ZDA3ODYxN2RlOTA1ZWYyIiwiaWF0IjoxNTU2MDE2OTQwLCJleHAiOjE1NTYwMTY5NzAsImNhcGFiaWxpdGllc19pbmZvIjp7InBhcnR5X2lkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImlzaGFyZV9yb2xlcyI6W3sicm9sZSI6IlNjaGVtZSBPd25lciJ9XSwic3VwcG9ydGVkX3ZlcnNpb25zIjpbeyJ2ZXJzaW9uIjoiMS43Iiwic3VwcG9ydGVkX2ZlYXR1cmVzIjpbeyJwdWJsaWMiOlt7ImlkIjoiMzY5NUMyNzMtM0NBOC00ODJBLUJEMUMtMTg1QUYyRkZGMTNFIiwiZmVhdHVyZSI6ImNhcGFiaWxpdGllcyIsImRlc2NyaXB0aW9uIjoiUmV0cmlldmVzIGlTSEFSRSBjYXBhYmlsaXRpZXMiLCJ1cmwiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jYXBhYmlsaXRpZXMiLCJ0b2tlbl9lbmRwb2ludCI6Imh0dHBzOi8vc28uaXNoYXJld29ya3Mub3JnL2Nvbm5lY3QvdG9rZW4ifSx7ImlkIjoiRTdFREUyQ0MtQUE4Mi00NTYzLUI0RTMtQkU2MjY4QTRGQkQ4IiwiZmVhdHVyZSI6ImFjY2VzcyB0b2tlbiIsImRlc2NyaXB0aW9uIjoiT2J0YWlucyBhY2Nlc3MgdG9rZW4iLCJ1cmwiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jb25uZWN0L3Rva2VuIn0seyJpZCI6IjU1MzA3MURDLUQ0NDctNDg4MC04NDZFLUE2MUIxNkUxMjNBNCIsImZlYXR1cmUiOiJwYXJ0aWVzIGluZm9ybWF0aW9uIiwiZGVzY3JpcHRpb24iOiJPYnRhaW5zIGluZm9ybWF0aW9uIG9uIGlTSEFSRSBwYXJ0aWVzIiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvcGFydGllcyIsInRva2VuX2VuZHBvaW50IjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvY29ubmVjdC90b2tlbiJ9LHsiaWQiOiJGOTRDMUU2Ni1FREJDLTQ5Q0EtODE4Ny01M0RGOEUwNjRGMTgiLCJmZWF0dXJlIjoicGFydHkgaW5mb3JtYXRpb24iLCJkZXNjcmlwdGlvbiI6Ik9idGFpbnMgaW5mb3JtYXRpb24gb24gaVNIQVJFIHBhcnR5IiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvcGFydGllcy97cGFydHlJZH0iLCJ0b2tlbl9lbmRwb2ludCI6Imh0dHBzOi8vc28uaXNoYXJld29ya3Mub3JnL2Nvbm5lY3QvdG9rZW4ifSx7ImlkIjoiQjkzRjk1NUItQTdGQy00OTVGLTkxQjctQjFDNDFDOTBFNEQ1IiwiZmVhdHVyZSI6InRydXN0ZWRfbGlzdCIsImRlc2NyaXB0aW9uIjoiT2J0YWlucyBsaXN0IG9mIGlTSEFSRSB0cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0aWVzIiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvdHJ1c3RlZF9saXN0IiwidG9rZW5fZW5kcG9pbnQiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jb25uZWN0L3Rva2VuIn1dfV19XX19.FA2LxcFMGy2m0MkrLuO0aeUgw2m8o0v-GdYAxe0qyBh6c0td8xNu5B4EI9YUzoAezlVcc13fvLSfsilfAAoHCt2tURSmf9RYfi1-evlR0EK-VZ4mOi_5CL-17IR4bCxdFFLsdBqQD3w1rsxPcZlLxHjgJY0r2LuDnDDBxwjQaZWMq8G_juiXBufjaPYdXkTZZ-79WI631pJ1FSl93VsnNUgeDapRNWyEipyEO6CcYUq-MxkNqHnPRa3YEw6k2C5N0Krv3q3-XaaHwO0j65VUmPTRWE_GQXgFpv_bo28fVc_-FE6ajg3Pkr__Lx4oQYMlP54CSwKqJ5C1CfRUrvahUg"
}
Decoded Response Example (JWT Payload, from Scheme Owner)
{
  "party_id": "EU.EORI.NL000000000",
  "ishare_roles": [
    {
      "role": "Scheme Owner"
    }
  ],
  "supported_versions": [
    {
      "version": "1.7",
      "supported_features": [
        {
          "public": [
            {          
              "id": "3695C273-3CA8-482A-BD1C-185AF2FFF13E",
              "feature": "capabilities",
              "description": "Retrieves iSHARE capabilities",
              "url": "https://so.ishareworks.org/capabilities",
              "token_endpoint": "https://so.ishareworks.org/connect/token"
           },
           {          
              "id": "E7EDE2CC-AA82-4563-B4E3-BE6268A4FBD8",
              "feature": "access token",
              "description": "Obtains access token",
              "url": "https://so.ishareworks.org/connect/token"
           },
           {          
              "id": "553071DC-D447-4880-846E-A61B16E123A4",
              "feature": "parties information",
              "description": "Obtains information on iSHARE parties",
              "url": "https://so.ishareworks.org/parties",
              "token_endpoint": "https://so.ishareworks.org/connect/token"
           }
          ]
        }
      ]
    }
  ]
}

Scheme Owner

Obtains access token

POST /scheme_owner/connect/token

Used to obtain an OAuth access token from the Scheme Owner. The format of access_token is not defined by this specification. They are left to the server and should be opaque to the Service Consumer. Refer to the iSHARE OAuth 2.0 documentation on the Technical Agreements page for additional information on the expected values from this access token request body.

grant_type
in formData
string

OAuth 2.0 grant type. MUST contain "client_credentials"

scope
in formData
string

OAuth 2.0 scope. Defaults to "iSHARE", indicating all rights of the Service Consumer are requested. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has.

client_id
in formData
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier of the Service Consumer

client_assertion_type
in formData
string

OpenID Connect 1.0 client assertion type. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

client_assertion
in formData
string

OpenID Connect 1.0 client assertion. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.

Request body Example application/x-www-form-urlencoded
grant_type=client_credentials&scope=iSHARE&client_id=EU.EORI.NL000000001&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6ImE1MjJjZWZkNGNmNjQyMWE4ZGUzOGJjYjBjMDhlYjliIiwiaWF0IjoxNTU2MDM0NzM0LCJuYmYiOjE1NTYwMzQ3MzQsImV4cCI6MTU1NjAzNDc2NCwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCJ9.SU59EXhAukbDVP0Y8Yb_1-5Za7QCgAtgq_bh9qRKNY0t3P7nodr2b6ue2DqmIZ_bvysC77zX01QCiCCT3vT7iU4ee4HINMP9gsujoNC0L1ONL2twoJeE91hWUke8dBL9m_ipP0x5-XivQAdS9vJTHQu1A_m5VB0O_XD4JGLwrwjD2d-UE4Fhyy4ilKSPKFpqhoAi2qPkmonZki-RaYoPkrq49LW_v8OVKW7yFJvEDIwph0hEcWxl0udyeu3Cy35NWMnLZdu6gp2f4yxOq3FPrufO5bT0aihioI04V8avggzVJdVcrDTK9Q0Hzhs-22VamkncUZqPvRmo_uwypNHFBg
Request body Example formatted for visibility

  {
  "grant_type": "client_credentials",
  "scope": "iSHARE",
  "client_id": "EU.EORI.NL000000001",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "client_assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6ImE1MjJjZWZkNGNmNjQyMWE4ZGUzOGJjYjBjMDhlYjliIiwiaWF0IjoxNTU2MDM0NzM0LCJuYmYiOjE1NTYwMzQ3MzQsImV4cCI6MTU1NjAzNDc2NCwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCJ9.SU59EXhAukbDVP0Y8Yb_1-5Za7QCgAtgq_bh9qRKNY0t3P7nodr2b6ue2DqmIZ_bvysC77zX01QCiCCT3vT7iU4ee4HINMP9gsujoNC0L1ONL2twoJeE91hWUke8dBL9m_ipP0x5-XivQAdS9vJTHQu1A_m5VB0O_XD4JGLwrwjD2d-UE4Fhyy4ilKSPKFpqhoAi2qPkmonZki-RaYoPkrq49LW_v8OVKW7yFJvEDIwph0hEcWxl0udyeu3Cy35NWMnLZdu6gp2f4yxOq3FPrufO5bT0aihioI04V8avggzVJdVcrDTK9Q0Hzhs-22VamkncUZqPvRmo_uwypNHFBg",
  }
200 OK
access_token

string

token_type

string

expires_in

integer

Response Example (200 OK)
{
  "access_token""eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMjEyOTUsImV4cCI6MTU1NjAyNDg5NSwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.vk4aRhGKxqpX7TrdfBS6xP0mL1V7ZmNNF-6eQDRhcCHK4Y5j0zzMxKE6GkRQjf0pBeOupPENJJGQCk6pp9jqbxWJ7RxHqSmS_9NVd5sC98SyEszuiFqkyQi_ff7LbvJ5d2ZVN8u1w_VeszpIUin2wZqi20WBi1M35zrHumBYHfRFWdgh0XpBuzgIzAZ40ujLWvyz3Tl4MALiRxOI5uBsLferE7YR8cmRjfMR4od7U33ZB5SKvp0qlIEVvEkWrzlAXeSkHyMMePfmWXVimxsIQbqlRFh6EBdIUv4S3EIh_aW2ys9NGE8RjHPZ4mytQivkWJO5HGQCYJ7VyMBGGDLIOw",
  "token_type": "Bearer",
  "expires_in": 3600
}

Retrieves iSHARE capabilities

GET /capabilities

Retrieves the iSHARE capabilities (supported versions & optional features) of the iSHARE Scheme Owner. Server response is an iSHARE signed JSON Web Token. Please refer to the models ‘jwt_header’ and ‘jwt_payload_capabilities’ which indicate what the decoded response will look like.

Will only return the public endpoints if no access token is provided. For more information see the Technical Agreements page.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

Request Example (In Header)
{
  "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw"
}
capabilities_token

string

Response Example (200 OK)
{
  "capabilities_token":"eyJ4NWMiOlsiTUlJSTZEQ0NCdENnQXdJQkFnSVVLVm1hcWhmSEE2NGJ3dElWSGplRkUrUlVWdm93RFFZSktvWklodmNOQVFFTEJRQXdnWUl4Q3pBSkJnTlZCQVlUQWs1TU1TQXdIZ1lEVlFRS0RCZFJkVzlXWVdScGN5QlVjblZ6ZEd4cGJtc2dRaTVXTGpFWE1CVUdBMVVFWVF3T1RsUlNUa3d0TXpBeU16YzBOVGt4T0RBMkJnTlZCQU1NTDFGMWIxWmhaR2x6SUZCTFNXOTJaWEpvWldsa0lFOXlaMkZ1YVhOaGRHbGxJRk5sY25abGNpQkRRU0F0SUVjek1CNFhEVEU1TURNd05EQTRNakkxTkZvWERUSXhNRE13TkRBNE16SXdNRm93Z1p3eEhUQWJCZ05WQkFVVEZEQXdNREF3TURBek56TXdOVGd5T0Rrd01EQXdNUXN3Q1FZRFZRUUdFd0pPVERFV01CUUdBMVVFQ0F3TlRtOXZjbVF0U0c5c2JHRnVaREVTTUJBR0ExVUVCd3dKUVcxemRHVnlaR0Z0TVNRd0lnWURWUVFLREJ0VGRHbGphSFJwYm1jZ2FWTklRVkpGSUVadmRXNWtZWFJwYjI0eEhEQWFCZ05WQkFNTUUzZDNkeTVwYzJoaGNtVjNiM0pyY3k1dmNtY3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFETzI5SzY3ZkkrL1FJbFdGemNNa09qUWF2QUxzR2dxcHQyaytYM1hWOWVWM0JLeFB4QXVRbWpDNkVON2xFWktoMTdnMGcyejVVT3lRaFBwQ0JBaHhKbVUyeFdWajlhVWh6OW8ySWh5dUVRSk5XNTlmWmlVQW1DWW5OMWV6NkR0VjhSZ3JlWktIM1FTNGowT2xpdWtnVlo2NldidkQ3QlpiNVVGSjEvUXZnbXcyc0VJV0VlSHFGMzF5WHhsellUdW54TFFjM1pxRVdFOUVwWnNROCtYbVVvMGlaQm9WWnBEVE92cXZDdWd2QjB2QXdFd2IvdHJmQlR0M2xwVjU5ZzVtL1JqeWhOcmVpR0h4Y2lvRGkzeGxObnc1end1YXRzWTJsRStHM1hpSFhJN2tMOEprckUrOCtTWkhId1Y3aC8weXVrbWtsM2dWTVNDeFZpWHp1T0xZSFpBZ01CQUFHamdnUTRNSUlFTkRBZkJnTlZIU01FR0RBV2dCUzM2ZERwLzJjTzJad01CeTZYMUg1TGVYajBJREI3QmdnckJnRUZCUWNCQVFSdk1HMHdQQVlJS3dZQkJRVUhNQUtHTUdoMGRIQTZMeTkwY25WemRDNXhkVzkyWVdScGMyZHNiMkpoYkM1amIyMHZjR3RwYjNObGNuWmxjbWN6TG1OeWREQXRCZ2dyQmdFRkJRY3dBWVloYUhSMGNEb3ZMM05zTG05amMzQXVjWFZ2ZG1Ga2FYTm5iRzlpWVd3dVkyOXRNRU1HQTFVZEVRUThNRHFDRTNkM2R5NXBjMmhoY21WM2IzSnJjeTV2Y21lQ0VuTnZMbWx6YUdGeVpYZHZjbXR6TG05eVo0SVBhWE5vWVhKbGQyOXlhM011YjNKbk1JSUJPZ1lEVlIwZ0JJSUJNVENDQVMwd2dnRWZCZ3BnaEJBQmgyc0JBZ1VHTUlJQkR6QTBCZ2dyQmdFRkJRY0NBUllvYUhSMGNEb3ZMM2QzZHk1eGRXOTJZV1JwYzJkc2IySmhiQzVqYjIwdmNtVndiM05wZEc5eWVUQ0IxZ1lJS3dZQkJRVUhBZ0l3Z2NrTWdjWlNaV3hwWVc1alpTQnZiaUIwYUdseklHTmxjblJwWm1sallYUmxJR0o1SUdGdWVTQndZWEowZVNCaGMzTjFiV1Z6SUdGalkyVndkR0Z1WTJVZ2IyWWdkR2hsSUhKbGJHVjJZVzUwSUZGMWIxWmhaR2x6SUVObGNuUnBabWxqWVhScGIyNGdVSEpoWTNScFkyVWdVM1JoZEdWdFpXNTBJR0Z1WkNCdmRHaGxjaUJrYjJOMWJXVnVkSE1nYVc0Z2RHaGxJRkYxYjFaaFpHbHpJSEpsY0c5emFYUnZjbmtnS0doMGRIQTZMeTkzZDNjdWNYVnZkbUZrYVhObmJHOWlZV3d1WTI5dEtTNHdDQVlHWjRFTUFRSUNNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQVRBL0JnTlZIUjhFT0RBMk1EU2dNcUF3aGk1b2RIUndPaTh2WTNKc0xuRjFiM1poWkdseloyeHZZbUZzTG1OdmJTOXdhMmx2YzJWeWRtVnlaek11WTNKc01CMEdBMVVkRGdRV0JCUlQ0c0xrY1lpdzNUblpWMHJCL1h0NVJIV1JHekFPQmdOVkhROEJBZjhFQkFNQ0JhQXdnZ0dBQmdvckJnRUVBZFo1QWdRQ0JJSUJjQVNDQVd3QmFnQjNBRzlUZHF3eDhERVoySmtBcEZFVi8zY1ZIQkhaQXNFQUtRYU5zZ2lhTjlrVEFBQUJhVWZWbkJVQUFBUURBRWd3UmdJaEFMSGlreW8wdkhUSnU1TXdua0RaWXkyTm9LSGlMZFgwMnV5dXZ1UVIvTWIzQWlFQTdsUVcrbDl3VUhzRGFxaXBCTGNGVXRCRnZPMm54d3VnazdBWnlIMzVCMDBBZHdEdVM3MjNkYzVndXVGQ2FSK3I0WjVtb3c5K1g3QnkySU1BeEh1SmVxajl5d0FBQVdsSDFacXlBQUFFQXdCSU1FWUNJUUNYYnpaOStHYzUwVXVVVTlCT1FSaE90NXEvS3oxU1FKK0xDUi9yUzBwYld3SWhBSXdXbCtDbE52U05nSGFsUWNhYkh4YTVCc0hUUDAvZmQ5VHA0SmY5OWVQeUFIWUFWWUhVd2hhUU5nRks2Z3ViVnp4VDhNRGtPSGh3SlFnWEw2T3FIUWNUMHd3QUFBRnBSOVdhK0FBQUJBTUFSekJGQWlFQStJeXR1U3l6S0puU2lVZXVCbG1VbkQwV3c0eFE2UWF3M3JheEVzUm9ITW9DSUJ3RlRRS0hZSUk1VXViTlZ4Vk8zN3FaZTJaZmY5Z1luMDllaW5Zb1dvNXdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNUWklTK1B0bFFBS2l4WVo0c3h6YWZIQmFCdldsUlJVdTJaRWxHVFVmWmVQOFp0Q3lyOFJkaVNGZ0x5RlB5WXJ6Q2lUQW9SNFg1ZXFrRUhtbUUwN1pZdmVPTWhmaGoxS2thaVJ4d3l6VlFUeTQzaEZlSGQrMFdDODFnT1dVT3dlWnYyUE5BclYyUVByT2hEKzMxTTV6WEY0UzNCcFVRdXRBYUlScGZtazRYNkxFNk5iM3lUendaVzRtYVFkV1dZZlhEc3ozSUlNSm5xS2xtRTJWV0JrNGhGeW5HN0pySUYwc2NZMnNWN0djbHJ6NFlqcERnMXhzVndhcHpMdnVjNW1HcHVjeGhIaEJwLzI2d2Z3dVVGSDVKdThOVlFVYzcyL2xCYkNSZEVPVFQ5eTdTUWdDVXFEa0dsYnNsc0Qzc1JsMWd4NTNhQ0JCWG9WTVdWdHpaaEd0WkVZdTNtNWtQV1dpQkNZY3BtVFdWTFZ1dnRCUHRWZ1VXNEJtU3FkSUZRbWpjMmZvaG05aXJKNmRiemU5V2t6N3NDMG9KbHJ3Y1ltZE5IeG5kTHd6eWdPbWFKeXNyRzVTZHNlcHE5TTNtdHYzdHBLOFp4OGd1N1VSODI4L2FvRTlZeXNXMThrZWNVRjBybytBZEZhb1crWEhsQmJzQXdVSXBsZ1VqK1lySW01MElnSzlFcUtHMzk0eEUvUmk3ODkyOVNHYzJtT2FsenRUYmp5UGoyYmJ2UEpTempHTGU3R0d2cGd0UFFDYjE0N1oyZ2JjT0ZSU1hySU5JUlpCOG5LY1JueHJmQmpYTFRxV1pQSVZCR0tXb1REeU1qM1ltVWdUVlI0M3JmcHkwOEpyRFU1MmMwbWtlWFQ5WW84OGNnd2pudFBzQ2lkR29JTUFwMHdLa2RpMjV2QT09Il0sImFsZyI6IlJTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAwIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImp0aSI6ImRkNjMxMGU5YmIwMTRmMTQ4ZDA3ODYxN2RlOTA1ZWYyIiwiaWF0IjoxNTU2MDE2OTQwLCJleHAiOjE1NTYwMTY5NzAsImNhcGFiaWxpdGllc19pbmZvIjp7InBhcnR5X2lkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImlzaGFyZV9yb2xlcyI6W3sicm9sZSI6IlNjaGVtZSBPd25lciJ9XSwic3VwcG9ydGVkX3ZlcnNpb25zIjpbeyJ2ZXJzaW9uIjoiMS43Iiwic3VwcG9ydGVkX2ZlYXR1cmVzIjpbeyJwdWJsaWMiOlt7ImlkIjoiMzY5NUMyNzMtM0NBOC00ODJBLUJEMUMtMTg1QUYyRkZGMTNFIiwiZmVhdHVyZSI6ImNhcGFiaWxpdGllcyIsImRlc2NyaXB0aW9uIjoiUmV0cmlldmVzIGlTSEFSRSBjYXBhYmlsaXRpZXMiLCJ1cmwiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jYXBhYmlsaXRpZXMiLCJ0b2tlbl9lbmRwb2ludCI6Imh0dHBzOi8vc28uaXNoYXJld29ya3Mub3JnL2Nvbm5lY3QvdG9rZW4ifSx7ImlkIjoiRTdFREUyQ0MtQUE4Mi00NTYzLUI0RTMtQkU2MjY4QTRGQkQ4IiwiZmVhdHVyZSI6ImFjY2VzcyB0b2tlbiIsImRlc2NyaXB0aW9uIjoiT2J0YWlucyBhY2Nlc3MgdG9rZW4iLCJ1cmwiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jb25uZWN0L3Rva2VuIn0seyJpZCI6IjU1MzA3MURDLUQ0NDctNDg4MC04NDZFLUE2MUIxNkUxMjNBNCIsImZlYXR1cmUiOiJwYXJ0aWVzIGluZm9ybWF0aW9uIiwiZGVzY3JpcHRpb24iOiJPYnRhaW5zIGluZm9ybWF0aW9uIG9uIGlTSEFSRSBwYXJ0aWVzIiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvcGFydGllcyIsInRva2VuX2VuZHBvaW50IjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvY29ubmVjdC90b2tlbiJ9LHsiaWQiOiJGOTRDMUU2Ni1FREJDLTQ5Q0EtODE4Ny01M0RGOEUwNjRGMTgiLCJmZWF0dXJlIjoicGFydHkgaW5mb3JtYXRpb24iLCJkZXNjcmlwdGlvbiI6Ik9idGFpbnMgaW5mb3JtYXRpb24gb24gaVNIQVJFIHBhcnR5IiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvcGFydGllcy97cGFydHlJZH0iLCJ0b2tlbl9lbmRwb2ludCI6Imh0dHBzOi8vc28uaXNoYXJld29ya3Mub3JnL2Nvbm5lY3QvdG9rZW4ifSx7ImlkIjoiQjkzRjk1NUItQTdGQy00OTVGLTkxQjctQjFDNDFDOTBFNEQ1IiwiZmVhdHVyZSI6InRydXN0ZWRfbGlzdCIsImRlc2NyaXB0aW9uIjoiT2J0YWlucyBsaXN0IG9mIGlTSEFSRSB0cnVzdGVkIENlcnRpZmljYXRlIEF1dGhvcml0aWVzIiwidXJsIjoiaHR0cHM6Ly9zby5pc2hhcmV3b3Jrcy5vcmcvdHJ1c3RlZF9saXN0IiwidG9rZW5fZW5kcG9pbnQiOiJodHRwczovL3NvLmlzaGFyZXdvcmtzLm9yZy9jb25uZWN0L3Rva2VuIn1dfV19XX19.FA2LxcFMGy2m0MkrLuO0aeUgw2m8o0v-GdYAxe0qyBh6c0td8xNu5B4EI9YUzoAezlVcc13fvLSfsilfAAoHCt2tURSmf9RYfi1-evlR0EK-VZ4mOi_5CL-17IR4bCxdFFLsdBqQD3w1rsxPcZlLxHjgJY0r2LuDnDDBxwjQaZWMq8G_juiXBufjaPYdXkTZZ-79WI631pJ1FSl93VsnNUgeDapRNWyEipyEO6CcYUq-MxkNqHnPRa3YEw6k2C5N0Krv3q3-XaaHwO0j65VUmPTRWE_GQXgFpv_bo28fVc_-FE6ajg3Pkr__Lx4oQYMlP54CSwKqJ5C1CfRUrvahUg"
}
Decoded Response Example (JWT Payload)
{
  "party_id": "EU.EORI.NL000000000",
  "ishare_roles": [
    {
      "role": "Scheme Owner"
    }
  ],
  "supported_versions": [
    {
      "version": "1.7",
      "supported_features": [
        {
          "public": [
            {          
              "id": "3695C273-3CA8-482A-BD1C-185AF2FFF13E",
              "feature": "capabilities",
              "description": "Retrieves iSHARE capabilities",
              "url": "https://scheme.isharetest.net/capabilities",
              "token_endpoint": "https://scheme.isharetest.net/connect/token"
           },
           {          
              "id": "E7EDE2CC-AA82-4563-B4E3-BE6268A4FBD8",
              "feature": "access token",
              "description": "Obtains access token",
              "url": "https://scheme.isharetest.net/connect/token"
           },
           {          
              "id": "553071DC-D447-4880-846E-A61B16E123A4",
              "feature": "parties information",
              "description": "Obtains information on iSHARE parties",
              "url": "https://scheme.isharetest.net/parties",
              "token_endpoint": "https://scheme.isharetest.net/connect/token"
           }
          ]
        }
      ]
    }
  ]
}

Obtains information on iSHARE parties

GET /parties

Used to obtain information on iSHARE participants from the iSHARE Scheme owner. Should be used to verify the status of an iSHARE participant. Furthermore offers limited search functionality through 'name' and 'eori' parameters, and 'certified_only' and 'active_only' booleans (which enables the restricion to certified parties only and active parties only). Server response is an iSHARE signed JSON Web Token. Please refer to the models ‘jwt_header’ and and ‘jwt_payload_parties’ which indicate what the decoded response will look like.

Authorization
in header
string

Oauth 2.0 authorization based on bearer token. MUST contain ”Bearer” + access token value

name
in query
string

Optional parameter used to search by party's name. Can contain a single * as wildcard.

eori
in query
string

Optional parameter used to search by party's EORI. Can contain a single * as wildcard.

certified_only
in query
boolean

Optional parameter used to search all certified parties.

active_only
in query
boolean

Optional parameter used to search all active parties.

certificate_subject_name
in query
string

subjectName as encoded in the X.509 certificate which corresponds with the party_id that is being requested from the Scheme Owner. Used by the Scheme Owner to match the certificate identifier and party_id. Only returns info if combined with the valid eori associated to it.

page
in query
integer

Optional parameter used for navigation in case the result contains more than 10 parties.

date_time
in query
string

Date time for which the information is requested. If provided the result becomes final and therefore MUST be cacheable.

Request Example (Requesting info on Warehouse 13)


Query:
/parties?eori=EU.EORI.NL000000003
Header
{ "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw" }
Request Example (validating certificate of ABC Trucking)


Query:
/parties?eori=EU.EORI.NL000000001&certificate_subject_name=C=NL, SERIALNUMBER=EU.EORI.NL000000001, CN=ABC Trucking
Header
{ "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw" }
parties_token

string

Response Example (200 OK)
{
  "parties_token":"eyJ4NWMiOlsiTUlJRWlEQ0NBbkNnQXdJQkFnSUllRElyZG5ZbzJuZ3dEUVlKS29aSWh2Y05BUUVMQlFBd1NERVpNQmNHQTFVRUF3d1FhVk5JUVZKRlZHVnpkRU5CWDFSTVV6RU5NQXNHQTFVRUN3d0VWR1Z6ZERFUE1BMEdBMVVFQ2d3R2FWTklRVkpGTVFzd0NRWURWUVFHRXdKT1REQWVGdzB4T1RBeU1UVXhNVFEyTlRoYUZ3MHlNVEF5TVRReE1UUTJOVGhhTUVreEhEQWFCZ05WQkFNTUUybFRTRUZTUlNCVFkyaGxiV1VnVDNkdVpYSXhIREFhQmdOVkJBVVRFMFZWTGtWUFVra3VUa3d3TURBd01EQXdNREF4Q3pBSkJnTlZCQVlUQWs1TU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMFJvb2hlUEwwMk52NEJaVEoza3A3bktzaHNtanJjcjhNQmFBaFFwWlpBc2dUQWxtUWlDVFBtM2M4cVlQcU4rVHVnZ0ZXQ05uKzlXNTRDNVVHcXNJd3RYVGszWWV4QXdaNG9qUlJ0bzhsMUhQRFZBUzZXdlc3NEFDTlpsRWdHd2pyQ0d5MitNNVFQN083d0IwVDZvRkJvZlJ3SFpHemdidFNiU1FodXF3VXhmMEdaSTh4QWwyL0dUSDI1VmZwOVQ3MUpFcG9aOWtzUDNDSWk1QkhrbGJUNUdLeEVPRmZkTU11cFg3bVduTlFiTHh1UXBBdEdDdW9yR2ZQRkU3RjVldkUxem9wd2NlQTVGc0UxTGFCUnF0K0VPcFBJbVNhalIwMmJjaEs5alM2bllFV3MvRlpHTHRKYWxsNUwzU25aTTZPaFd4TStsS0d6Rkt3NVRJWE45RE13SURBUUFCbzNVd2N6QU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZCWTg1eURwMXBUdkgrV2k4Ymo4dnVyZkxEZUJNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUIwR0ExVWREZ1FXQkJSZndpalQ3NWRJS1BsRkMvQ3RSRHFVS1g5VE5qQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFLNFBXVHEvZHF0Vm0rNFdDZDFLUUo0dGorbjRjY0lBWUxETXFZU0JKc042UTJjdE1SQy8rK3lNL293UEhCcmlUendXL2pvQXBOUGVaaDFJVFRnU3phMzhtM2h4b0RxMXV4NkhWR3lLNVFDUW9qRmRsZWM3dE9IbG1jYnV5VjRDRXlNWmJHK3lMbVZESTNxNTNWQVBnV3ZLSWkyUlVwc1BOdzJsbzZINjZ2SE5wNWZpcEIvdEU0Q0RsYS9UYU41MWxOM2xYT3c0bHRiWmJ6YmQ2TXhJbEVDUWZKSDVlUHJpcGFrSmhuaVZrWnZRVmthS0FlcFNYMGFEWUxPcFFRbmV0RFdab1ZKS0FzR0VMM0hMaWhxWXNEejcvQlQzRHdUMEtDNSs5OGdqR1p3dkx3ZXRKOTZLWFRBRTUwMmYzak95UDdERDZ1SytKS2d2UVp5dkk1L0V1cDBUdE5sUmZKeThhZDhweCszOG9JeEdBbGJzS29XbXowb2FNR0MrbFZHTlAyTTQ4TTdWa3RCVHB5bXF4Vnd0VGt2TVBqWldIS2xYdDJXMzNtTktHakpTOTVJNXZxT0tQV1NTc1dkSlJZSkNsbUVybWlkTlczMWxXQVZQcjFpU1M0SlhEdllQTENQNDRhNGVkMEdhV1pSdi9iK0QyK1FVZ09iOFN6bWpQdmYvMkdOdHFXUmR5WXRYWjl2eDAzNGkrWEYveWU4c2lOK1grd0ZIdFJ1bXRzd2Irc2NRZjRmVTZNaktCS1VzUERBUkFHakhqNXhIQkRqcTg0bmpHdVFjbDBoYlMzK1pTVjROcWtKSVVzMkxVdDlFdjFYN2FCNy85NUVYQWNnTlhkM0tQVm0zcDhORDc1QXFNMEZHUUVhUXlPd3FLY3FUQ2xKQ3VmR3NVWTRzN3JXUiJdLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAwIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImp0aSI6IjVjZjk4YTJjNzEzZDQ1MWViZjIxMTRjYzAyYTdiMmRmIiwiaWF0IjoxNTU2MDIzODc2LCJleHAiOjE1NTYwMjM5MDYsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJwYXJ0aWVzX2luZm8iOnsiY291bnQiOjEsImRhdGEiOlt7InBhcnR5X2lkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyIsInBhcnR5X25hbWUiOiJXYXJlaG91c2UgMTMgQi5WLiIsImFkaGVyZW5jZSI6eyJzdGF0dXMiOiJBY3RpdmUiLCJzdGFydF9kYXRlIjoiMjAxOC0wNC0yNlQwMDowMDowMCIsImVuZF9kYXRlIjoiMjAxOS0wNy0yNVQwMDowMDowMCJ9LCJjZXJ0aWZpY2F0aW9ucyI6W10sImNhcGFiaWxpdHlfdXJsIjoiaHR0cHM6Ly93MTMuaXNoYXJldGVzdC5uZXQvY2FwYWJpbGl0aWVzIn1dfX0.XY5ebg1wNEmv1ll1jQ90fm84uk_j5NKBBUckJaUPLMf85polj8Zm5xNUGZhJTj5cYyz0p9lzhfJ-DAHEVEG2Xzy0eEoBuvZqA5PVtx4STsDeR-7uyDk-3rTPn9U1yIgeguBD6NXLAVNVsDBNz5UOyIOZVsAf2ZdUr0khzvM1hUwBeLuDwzU2d8EOH0_mRYUlu2BnDvGgW2i_rWXhIbafMMPCfmDRXh1KESC0WSMo0nJgJdVY9S0a2TKd-rbTaVx5WL2IL3avLrANyWonQ6HJEPMT80ql5ccABZa2KeTtVDTXSnqWGuxi4otb5lm3HS7UYwxKM8bXF7CQRn56pi5NKw"
}
Decoded Response Example (JWT Payload)
{
  "count": 1,
  "data": [
    {
      "party_id": "EU.EORI.NL000000003",
      "party_name": "Warehouse 13 B.V.",
      "adherence": {
            "status": "Active",
            "start_date": "2018-04-26T00:00:00",
            "end_date": "2019-07-25T00:00:00"
      },
      "certifications": [],
      "capability_url": "https://w13.isharetest.net/capabilities",
    }
  ]
}

Obtains information on an iSHARE party

GET /scheme_owner/parties/{party_id}

Used to obtain information on an iSHARE participant from the iSHARE Scheme owner. By default returns current state. Server response is an iSHARE signed JSON Web Token. Please refer to the models ‘jwt_header’ and ‘jwt_payload_party’ which indicate what the decoded response will look like. Functionality is also incorporated in the /parties endpoint, therefore this endpoint is subject for removal from the Scheme Owner capabilities in due time.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

party_id
in path
string

iSHARE specific identifier of the party for which information is requested

date_time
in query
string

Date time for which the information is requested. If provided the result becomes final and therefore MUST be cacheable

certificate_subject_name
in query
string

subjectName as encoded in the X.509 certificate which corresponds with the party_id that is being requested from the Scheme Owner. Used by the Scheme Owner to match the certificate identifier and party_id

Request Example (Requesting info on Warehouse 13)


Path:
/parties/EU.EORI.NL000000003
Header:
{ "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw" }
party_token

string

Response Example (200 OK)
{
  "party_token":"eyJ4NWMiOlsiTUlJRWlEQ0NBbkNnQXdJQkFnSUllRElyZG5ZbzJuZ3dEUVlKS29aSWh2Y05BUUVMQlFBd1NERVpNQmNHQTFVRUF3d1FhVk5JUVZKRlZHVnpkRU5CWDFSTVV6RU5NQXNHQTFVRUN3d0VWR1Z6ZERFUE1BMEdBMVVFQ2d3R2FWTklRVkpGTVFzd0NRWURWUVFHRXdKT1REQWVGdzB4T1RBeU1UVXhNVFEyTlRoYUZ3MHlNVEF5TVRReE1UUTJOVGhhTUVreEhEQWFCZ05WQkFNTUUybFRTRUZTUlNCVFkyaGxiV1VnVDNkdVpYSXhIREFhQmdOVkJBVVRFMFZWTGtWUFVra3VUa3d3TURBd01EQXdNREF4Q3pBSkJnTlZCQVlUQWs1TU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMFJvb2hlUEwwMk52NEJaVEoza3A3bktzaHNtanJjcjhNQmFBaFFwWlpBc2dUQWxtUWlDVFBtM2M4cVlQcU4rVHVnZ0ZXQ05uKzlXNTRDNVVHcXNJd3RYVGszWWV4QXdaNG9qUlJ0bzhsMUhQRFZBUzZXdlc3NEFDTlpsRWdHd2pyQ0d5MitNNVFQN083d0IwVDZvRkJvZlJ3SFpHemdidFNiU1FodXF3VXhmMEdaSTh4QWwyL0dUSDI1VmZwOVQ3MUpFcG9aOWtzUDNDSWk1QkhrbGJUNUdLeEVPRmZkTU11cFg3bVduTlFiTHh1UXBBdEdDdW9yR2ZQRkU3RjVldkUxem9wd2NlQTVGc0UxTGFCUnF0K0VPcFBJbVNhalIwMmJjaEs5alM2bllFV3MvRlpHTHRKYWxsNUwzU25aTTZPaFd4TStsS0d6Rkt3NVRJWE45RE13SURBUUFCbzNVd2N6QU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZCWTg1eURwMXBUdkgrV2k4Ymo4dnVyZkxEZUJNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUIwR0ExVWREZ1FXQkJSZndpalQ3NWRJS1BsRkMvQ3RSRHFVS1g5VE5qQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFLNFBXVHEvZHF0Vm0rNFdDZDFLUUo0dGorbjRjY0lBWUxETXFZU0JKc042UTJjdE1SQy8rK3lNL293UEhCcmlUendXL2pvQXBOUGVaaDFJVFRnU3phMzhtM2h4b0RxMXV4NkhWR3lLNVFDUW9qRmRsZWM3dE9IbG1jYnV5VjRDRXlNWmJHK3lMbVZESTNxNTNWQVBnV3ZLSWkyUlVwc1BOdzJsbzZINjZ2SE5wNWZpcEIvdEU0Q0RsYS9UYU41MWxOM2xYT3c0bHRiWmJ6YmQ2TXhJbEVDUWZKSDVlUHJpcGFrSmhuaVZrWnZRVmthS0FlcFNYMGFEWUxPcFFRbmV0RFdab1ZKS0FzR0VMM0hMaWhxWXNEejcvQlQzRHdUMEtDNSs5OGdqR1p3dkx3ZXRKOTZLWFRBRTUwMmYzak95UDdERDZ1SytKS2d2UVp5dkk1L0V1cDBUdE5sUmZKeThhZDhweCszOG9JeEdBbGJzS29XbXowb2FNR0MrbFZHTlAyTTQ4TTdWa3RCVHB5bXF4Vnd0VGt2TVBqWldIS2xYdDJXMzNtTktHakpTOTVJNXZxT0tQV1NTc1dkSlJZSkNsbUVybWlkTlczMWxXQVZQcjFpU1M0SlhEdllQTENQNDRhNGVkMEdhV1pSdi9iK0QyK1FVZ09iOFN6bWpQdmYvMkdOdHFXUmR5WXRYWjl2eDAzNGkrWEYveWU4c2lOK1grd0ZIdFJ1bXRzd2Irc2NRZjRmVTZNaktCS1VzUERBUkFHakhqNXhIQkRqcTg0bmpHdVFjbDBoYlMzK1pTVjROcWtKSVVzMkxVdDlFdjFYN2FCNy85NUVYQWNnTlhkM0tQVm0zcDhORDc1QXFNMEZHUUVhUXlPd3FLY3FUQ2xKQ3VmR3NVWTRzN3JXUiJdLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAwIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImp0aSI6ImUxNGVjY2Q2ZTgwZjRhZjViYTc0NWJlMWViNzE5MDM0IiwiaWF0IjoxNTU2MDI0NDAwLCJleHAiOjE1NTYwMjQ0MzAsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJwYXJ0eV9pbmZvIjp7InBhcnR5X2lkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyIsInBhcnR5X25hbWUiOiJXYXJlaG91c2UgMTMgQi5WLiIsImFkaGVyZW5jZSI6eyJzdGF0dXMiOiJBY3RpdmUiLCJzdGFydF9kYXRlIjoiMjAxOC0wNC0yNlQwMDowMDowMCIsImVuZF9kYXRlIjoiMjAxOS0wNy0yNVQwMDowMDowMCJ9LCJjZXJ0aWZpY2F0aW9ucyI6W10sImNhcGFiaWxpdHlfdXJsIjoiaHR0cHM6Ly93MTMuaXNoYXJldGVzdC5uZXQvY2FwYWJpbGl0aWVzIn19.l0qJfclzG6wz8MCe0MQREz_OhUpGfwQNVFu080_NHc109TKecxWeYQwy7i3OYuY1SIvMSfbBrf1-QVydCkKkM-zRpJkPXfME90n0JPW74opVnw50NPMcNiou4HkV0F8WiBoOebq6e_UM1nvx76xfbFy5YuGvfqcs97usL8vUDRaT5PZK_WVhT7USPHHJk7kXqVBL0BCSqutL1U4ITdnh9NM3N7p7QzIh0IAbQyLC-cbh27B9y-A9A9lKf7z22MDpKKLDoGGNb_Cm6lty8vjoPu1VHVi9gL5DYCKxC9qCZD8L7HYHRslkf8uX9GBEpzn6A8JSgXXATQE8D3077eLiQA"
}
Decoded Response Example (JWT Payload)

{
  "party_id": "EU.EORI.NL000000003",
  "party_name": "Warehouse 13 B.V.",
  "adherence": {
        "status": "Active",
        "start_date": "2018-04-26T00:00:00",
        "end_date": "2019-07-25T00:00:00"
  },
  "certifications": [],
  "capability_url": "https://w13.isharetest.net/capabilities",
}

Obtains iSHARE trusted list

GET /scheme_owner/trusted_list

Used to obtain the iSHARE trusted list of certificate authorities. This will return PKIoverheid and eIDAS-qualified CAs valid under iSHARE. Server response is an iSHARE signed JSON Web Token. Please refer to the models ‘jwt_header’ and and ‘jwt_payload_trusted_list_token’ which indicate what the decoded response will look like. The certificate_fingerprint is the SHA256-fingerprint of the certificate.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

Request Example (Requesting the trusted list)
Header:
{ "Authorization":"Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMTYyNjIsImV4cCI6MTU1NjAxOTg2MiwiaXNzIjoiaHR0cHM6Ly9zY2hlbWUuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.Yy8lJhCsOC1tU_A6bLQvWF6Ydm_XsH80HcOHPri6YJKUMU_fJUvZs6hnitgtwAHuTDPn5Ngdir6W4HhVTI8XSWerbJzdmbYKg5q8YDMo1QG3K_Dsu_Z6KLI91kMauFx_skx79z-kC-t_V0CSBRThq_Ij08qMmVkbWWpj6x0sJ1P7Pd0A1otYoOjSfYRRtTAm1IsJXHuAIe7lErR4uuQr8uKlljPIUh69kl5NAtj8l31uR1Kuqp1KfzZUeEPFM0m1efhK609Tjq4sxn8PG5HMthkc2snO8BcI53FYWuQ71txFEaCxTHYQipUhcxWVUczDjIosW9eKYVD7O6r1th0cVw" }
trusted_list_token

string

Response Example (200 OK)
{
  "trusted_list_token":"eyJ4NWMiOlsiTUlJRWlEQ0NBbkNnQXdJQkFnSUllRElyZG5ZbzJuZ3dEUVlKS29aSWh2Y05BUUVMQlFBd1NERVpNQmNHQTFVRUF3d1FhVk5JUVZKRlZHVnpkRU5CWDFSTVV6RU5NQXNHQTFVRUN3d0VWR1Z6ZERFUE1BMEdBMVVFQ2d3R2FWTklRVkpGTVFzd0NRWURWUVFHRXdKT1REQWVGdzB4T1RBeU1UVXhNVFEyTlRoYUZ3MHlNVEF5TVRReE1UUTJOVGhhTUVreEhEQWFCZ05WQkFNTUUybFRTRUZTUlNCVFkyaGxiV1VnVDNkdVpYSXhIREFhQmdOVkJBVVRFMFZWTGtWUFVra3VUa3d3TURBd01EQXdNREF4Q3pBSkJnTlZCQVlUQWs1TU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBMFJvb2hlUEwwMk52NEJaVEoza3A3bktzaHNtanJjcjhNQmFBaFFwWlpBc2dUQWxtUWlDVFBtM2M4cVlQcU4rVHVnZ0ZXQ05uKzlXNTRDNVVHcXNJd3RYVGszWWV4QXdaNG9qUlJ0bzhsMUhQRFZBUzZXdlc3NEFDTlpsRWdHd2pyQ0d5MitNNVFQN083d0IwVDZvRkJvZlJ3SFpHemdidFNiU1FodXF3VXhmMEdaSTh4QWwyL0dUSDI1VmZwOVQ3MUpFcG9aOWtzUDNDSWk1QkhrbGJUNUdLeEVPRmZkTU11cFg3bVduTlFiTHh1UXBBdEdDdW9yR2ZQRkU3RjVldkUxem9wd2NlQTVGc0UxTGFCUnF0K0VPcFBJbVNhalIwMmJjaEs5alM2bllFV3MvRlpHTHRKYWxsNUwzU25aTTZPaFd4TStsS0d6Rkt3NVRJWE45RE13SURBUUFCbzNVd2N6QU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZCWTg1eURwMXBUdkgrV2k4Ymo4dnVyZkxEZUJNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUIwR0ExVWREZ1FXQkJSZndpalQ3NWRJS1BsRkMvQ3RSRHFVS1g5VE5qQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFLNFBXVHEvZHF0Vm0rNFdDZDFLUUo0dGorbjRjY0lBWUxETXFZU0JKc042UTJjdE1SQy8rK3lNL293UEhCcmlUendXL2pvQXBOUGVaaDFJVFRnU3phMzhtM2h4b0RxMXV4NkhWR3lLNVFDUW9qRmRsZWM3dE9IbG1jYnV5VjRDRXlNWmJHK3lMbVZESTNxNTNWQVBnV3ZLSWkyUlVwc1BOdzJsbzZINjZ2SE5wNWZpcEIvdEU0Q0RsYS9UYU41MWxOM2xYT3c0bHRiWmJ6YmQ2TXhJbEVDUWZKSDVlUHJpcGFrSmhuaVZrWnZRVmthS0FlcFNYMGFEWUxPcFFRbmV0RFdab1ZKS0FzR0VMM0hMaWhxWXNEejcvQlQzRHdUMEtDNSs5OGdqR1p3dkx3ZXRKOTZLWFRBRTUwMmYzak95UDdERDZ1SytKS2d2UVp5dkk1L0V1cDBUdE5sUmZKeThhZDhweCszOG9JeEdBbGJzS29XbXowb2FNR0MrbFZHTlAyTTQ4TTdWa3RCVHB5bXF4Vnd0VGt2TVBqWldIS2xYdDJXMzNtTktHakpTOTVJNXZxT0tQV1NTc1dkSlJZSkNsbUVybWlkTlczMWxXQVZQcjFpU1M0SlhEdllQTENQNDRhNGVkMEdhV1pSdi9iK0QyK1FVZ09iOFN6bWpQdmYvMkdOdHFXUmR5WXRYWjl2eDAzNGkrWEYveWU4c2lOK1grd0ZIdFJ1bXRzd2Irc2NRZjRmVTZNaktCS1VzUERBUkFHakhqNXhIQkRqcTg0bmpHdVFjbDBoYlMzK1pTVjROcWtKSVVzMkxVdDlFdjFYN2FCNy85NUVYQWNnTlhkM0tQVm0zcDhORDc1QXFNMEZHUUVhUXlPd3FLY3FUQ2xKQ3VmR3NVWTRzN3JXUiJdLCJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAwIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMCIsImp0aSI6IjgxYmExMGU0NjJlODRmOTBiODM0NDE4ZmJlZDU0ZWE3IiwiaWF0IjoxNTU2MDM0MjU1LCJleHAiOjE1NTYwMzQyODUsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJ0cnVzdGVkX2xpc3QiOlt7InN1YmplY3QiOiJDPU5MLCBPPVN0YWF0IGRlciBOZWRlcmxhbmRlbiwgQ049VEVTVCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4gT3JnYW5pc2F0aWUgU2VydmljZXMgQ0EgLSBHMyIsImNlcnRpZmljYXRlX2ZpbmdlcnByaW50IjoiREMxM0ZDOTRGRjAxNDlERTFCMDdGNzk2NUY2NTVBRUQ1NEM2QTZCREE3QURGNzFBNzMyRkZDRkFCQzQ1NEM3QSIsInZhbGlkaXR5IjoidmFsaWQiLCJzdGF0dXMiOiJncmFudGVkIn0seyJzdWJqZWN0IjoiQz1OTCwgTz1pU0hBUkUgRm91bmRhdGlvbiwgQ049VEVTVCBpU0hBUkUgRm91bmRhdGlvbiBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMyIsImNlcnRpZmljYXRlX2ZpbmdlcnByaW50IjoiRjIxODEzM0NEM0FDMkQ5NzBEMTBDQTQ2QkIwM0Y4MzI0NTMzMjRCMEY0QUY1QzNGNjFCQUQ2RkRFRUM1RUI4MyIsInZhbGlkaXR5IjoidmFsaWQiLCJzdGF0dXMiOiJncmFudGVkIn0seyJzdWJqZWN0IjoiQz1OTCwgTz1URVNUIFN0YWF0IGRlciBOZWRlcmxhbmRlbiwgQ049VEVTVCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczIiwiY2VydGlmaWNhdGVfZmluZ2VycHJpbnQiOiI5OEM5QzE0RjdGMUY5QTgzQTc0NEUwQUNCQTlEQTZBNDdFRTk2RTA1M0Q3Mjc5NTQ1N0E1QkMwMjA3MjI5RDQzIiwidmFsaWRpdHkiOiJ2YWxpZCIsInN0YXR1cyI6ImdyYW50ZWQifSx7InN1YmplY3QiOiJDPU5MLCBPPWlTSEFSRSwgT1U9VGVzdCwgQ049aVNIQVJFVGVzdENBIiwiY2VydGlmaWNhdGVfZmluZ2VycHJpbnQiOiJBNzhGREY3QkExM0JCRDk1QzYyMzY5NzJERDAwM0ZBRTA3RjRFNDQ3Qjc5MUI2RUY2NzM3QUQyMkYwQjYxODYyIiwidmFsaWRpdHkiOiJ2YWxpZCIsInN0YXR1cyI6ImdyYW50ZWQifSx7InN1YmplY3QiOiJDPU5MLCBPPWlTSEFSRSwgT1U9VGVzdCwgQ049aVNIQVJFVGVzdENBX1RMUyIsImNlcnRpZmljYXRlX2ZpbmdlcnByaW50IjoiREYyRkY1MUQxQjI1NTlENjg2NzIzQzk3MDM3REM5RDVDNTg5NDA2Q0FDNEY4NEMyOUFCM0Q0M0UwMTI2MjUxRCIsInZhbGlkaXR5IjoidmFsaWQiLCJzdGF0dXMiOiJncmFudGVkIn1dfQ.ogJV2tcJvYNN-4ps9mzX9RiOCZQr7liD7DVqCH9fXjcOa_SXSlVkvSXcwWYL91ov-c9EtWhFJKI3GP_8aX0a_ss6FgfzLYAjRTU5Pc5qA544Y5IJrhANOCMXgZV4IHV6Lmf9jeti7jmLFMDWCpLedmxWV4zSYYIDl1X6KkuAopJVtltRVpZVlAVBWGYnS7b1Z4BJ5-ii5F4JMPmscZRu7TkMHhRDSCTEM5UGWNOiuQVhJOkQQmpkuMcDzt6jN8ijD8f37x6mzeHBN1N0Zc6oijbHRFC-SPgJZRnTTzb-8q7SAAzJz3p37In6oWBmcv-grbOghIB77zzqbC78xIAPOw"
}
Decoded Response Example (JWT Payload)

{
  "trusted_list": [
      {
            "subject": "C=NL, O=iSHARE, OU=Test, CN=iSHARETestCA",
            "certificate_fingerprint": "A78FDF7BA13BBD95C6236972DD003FAE07F4E447B791B6EF6737AD22F0B61862",
            "validity": "valid",
            "status": "granted"
      },
      {
            "subject": "C=NL, O=iSHARE, OU=Test, CN=iSHARETestCA_TLS",
            "certificate_fingerprint": "DF2FF51D1B2559D686723C97037DC9D5C589406CAC4F84C29AB3D43E0126251D",
            "validity": "valid",
            "status": "granted"
      },
    ]
}

Service Provider

Obtains access token

POST /service_provider/oauth2.0/token

Used to obtain an OAuth access token from the Service Provider. The format of access_token is not defined by this specification. They are left to the server and should be opaque to the Service Consumer. Refer to the iSHARE OAuth 2.0 documentation on the Technical Agreements page for additional information on the expected values from this access token request body.

grant_type
in formData
string

OAuth 2.0 grant type. MUST contain "client_credentials"

scope
in formData
string

OAuth 2.0 scope. Defaults to "iSHARE", indicating all rights of the Service Consumer are requested. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has.

client_id
in formData
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier of the Service Consumer

client_assertion_type
in formData
string

OpenID Connect 1.0 client assertion type. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

client_assertion
in formData
string

OpenID Connect 1.0 client assertion. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.

Request body Example application/x-www-form-urlencoded
grant_type=client_credentials&scope=iSHARE&client_id=EU.EORI.NL000000001&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6ImQyNjY3Y2ZmZWM5MDRlZDlhOGRhODkxNGU1MjI3NDVkIiwiaWF0IjoxNTU2MDM0ODI0LCJuYmYiOjE1NTYwMzQ4MjQsImV4cCI6MTU1NjAzNDg1NCwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyJ9.YA5gzhWkDOXw_2d7krDAS9j1bsvqBmYap6qAHinHYpW-HkPR3fQQl-6yyaCPMRscesMIf14SEP0hiwvk-PhfLq7WzLEucwkk8DMysxTi3ju6cTXglY1X3SwNmeCB6VAyqIVgj0wNj_PG0aFJD23HXtFXvlcx8TqkmNIV7HFWEncjPBBAEoOOjXhlzIsg7T0l0tU4eyF_lX3pHBEU5QApyWK9rfMxw2CNGwfnlah1x4XUjM-khr3I7bolRmIqo5OoNqGw4jE7CGxGlNdW_c0LJbRSlDmYZrY42pWY8j8bnvJiV1CJmiOKmNOCInLW9fJgqyxbfl1_a-TQEshGhKiETQ
Request body Example formatted for visibility

  {
  "grant_type": "client_credentials",
  "scope": "iSHARE",
  "client_id": "EU.EORI.NL000000001",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "client_assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6ImQyNjY3Y2ZmZWM5MDRlZDlhOGRhODkxNGU1MjI3NDVkIiwiaWF0IjoxNTU2MDM0ODI0LCJuYmYiOjE1NTYwMzQ4MjQsImV4cCI6MTU1NjAzNDg1NCwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyJ9.YA5gzhWkDOXw_2d7krDAS9j1bsvqBmYap6qAHinHYpW-HkPR3fQQl-6yyaCPMRscesMIf14SEP0hiwvk-PhfLq7WzLEucwkk8DMysxTi3ju6cTXglY1X3SwNmeCB6VAyqIVgj0wNj_PG0aFJD23HXtFXvlcx8TqkmNIV7HFWEncjPBBAEoOOjXhlzIsg7T0l0tU4eyF_lX3pHBEU5QApyWK9rfMxw2CNGwfnlah1x4XUjM-khr3I7bolRmIqo5OoNqGw4jE7CGxGlNdW_c0LJbRSlDmYZrY42pWY8j8bnvJiV1CJmiOKmNOCInLW9fJgqyxbfl1_a-TQEshGhKiETQ",
  }
200 OK
access_token

string

token_type

string

expires_in

integer

Response Example (200 OK)
{
  "access_token""eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMzQ5MzEsImV4cCI6MTU1NjAzODUzMSwiaXNzIjoiaHR0cHM6Ly93MTMuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.QSPTgpktC3hYjNGMzR-LSial3AZbbUjFHRIMnNipgYQronq5h2W2MWUnXv2dm4iDCw9TK193s-hizGLZ-e11NHEgAR8ifX2d3TkwDjMpBNERXeH0o8FOapUAjJaGJ_wwfp9-hcyKgijSsbUkqbkNxgWKrzmIV88Fk4vUxQuEW6yvrpPyLr0Vqb7Ex-j44Cnj7MWjT0FZR0PWv5gm8rsy-nuyQPw9Z8eVlRG23E33NpKDwYf23vXIIcKuxX-kEJIfFeKCnqC9DxDTj5X5mCY8_Fz3R5OUQGDeNb1A7juS99eRmPmhYa1ihVdl0lf2fZAy72I3iEsoijplJU6a2PZSoA",
  "token_type": "Bearer",
  "expires_in": 3600
}

Receives Human Service Consumer after authentication

GET /service_provider/openid_connect1.0/return

OpenID Connect end-point for recieving the redirect from the Identity Provider or Identity Broker. Not bound to name 'return'. MAY have any name the Service Provider chooses.

code
in query
string

OAuth 2.0 authorisation code for retrieving access_token & id_token

state
in query
string

OpenID Connect 1.0 state. MUST contain the state as provided by the Service Provider in the request to the Identity Provider or Identity Broker.

200 OK

OK

Example service of the Service Provider

GET /service_provider/service

This is an example service to show how any Service Provider that adheres to iSHARE MUST apply iSHARE conformant OAuth to every iSHARE enabled service. Not bound to name 'service'. MAY have any name the Service Provider chooses.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

delegation_evidence
in header
string

iSHARE delegation evidence regarding the requested service. The Service Consumer can obtain this evidence from an Authorization Registry / Entitled Party before requesting a specific service.

service_consumer_assertion
in header
string

iSHARE specific optional client assertion. Used when a Service Consumer is requesting a service on behalf of another Service Consumer in a 'service broker' pattern. It is used to prove that the 'brokering' Service Consumer indeed has had a request from the original Service Consumer

LicensePurpose
in header
string

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity requests for the data in the service response

Service-Headers
in header
string

Any service specific headers

OK

Response Example (200 OK)
{
  "service_content_1": "string",
  "service_content_n": "string"
}
Response Headers (200 OK)
LicensePurpose

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity receives for the data in the service response

string
LicenseSubLicense

Optional iSHARE specific value describing the amount of sub license(s) the Service Consuming Entity is allowed to issue for the data in the service response

string
LicenseEndDate

Optional iSHARE specific value describing the duration of the license for the data in the service response

boolean

Example service of the Service Provider

POST /service_provider/service

This is an example service to show how any Service Provider that adheres to iSHARE MUST apply iSHARE conformant OAuth to every iSHARE enabled service. Not bound to name 'service'. MAY have any name the Service Provider chooses.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

delegation_evidence
in header
string

iSHARE delegation evidence regarding the requested service. The Service Consumer can obtain this evidence from an Authorization Registry / Entitled Party before requesting a specific service.

service_consumer_assertion
in header
string

iSHARE specific optional client assertion. Used when a Service Consumer is requesting a service on behalf of another Service Consumer in a 'service broker' pattern. It is used to prove that the 'brokering' Service Consumer indeed has had a request from the original Service Consumer

LicensePurpose
in header
string

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity requests for the data in the service response

Service-Headers
in header
string

Any service specific headers

OK

Response Example (200 OK)
{
  "service_content_1": "string",
  "service_content_n": "string"
}
Response Headers (200 OK)
LicensePurpose

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity receives for the data in the service response

string
LicenseSubLicense

Optional iSHARE specific value describing the amount of sub license(s) the Service Consuming Entity is allowed to issue for the data in the service response

string
LicenseEndDate

Optional iSHARE specific value describing the duration of the license for the data in the service response

boolean

Example service of the Service Provider

PUT /service_provider/service

This is an example service to show how any Service Provider that adheres to iSHARE MUST apply iSHARE conformant OAuth to every iSHARE enabled service. Not bound to name 'service'. MAY have any name the Service Provider chooses.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

delegation_evidence
in header
string

iSHARE delegation evidence regarding the requested service. The Service Consumer can obtain this evidence from an Authorization Registry / Entitled Party before requesting a specific service.

service_consumer_assertion
in header
string

iSHARE specific optional client assertion. Used when a Service Consumer is requesting a service on behalf of another Service Consumer in a 'service broker' pattern. It is used to prove that the 'brokering' Service Consumer indeed has had a request from the original Service Consumer

LicensePurpose
in header
string

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity requests for the data in the service response

Service-Headers
in header
string

Any service specific headers

OK

Response Example (200 OK)
{
  "service_content_1": "string",
  "service_content_n": "string"
}
Response Headers (200 OK)
LicensePurpose

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity receives for the data in the service response

string
LicenseSubLicense

Optional iSHARE specific value describing the amount of sub license(s) the Service Consuming Entity is allowed to issue for the data in the service response

string
LicenseEndDate

Optional iSHARE specific value describing the duration of the license for the data in the service response

boolean

Example service of the Service Provider

PATCH /service_provider/service

This is an example service to show how any Service Provider that adheres to iSHARE MUST apply iSHARE conformant OAuth to every iSHARE enabled service. Not bound to name 'service'. MAY have any name the Service Provider chooses.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

delegation_evidence
in header
string

iSHARE delegation evidence regarding the requested service. The Service Consumer can obtain this evidence from an Authorization Registry / Entitled Party before requesting a specific service.

service_consumer_assertion
in header
string

iSHARE specific optional client assertion. Used when a Service Consumer is requesting a service on behalf of another Service Consumer in a 'service broker' pattern. It is used to prove that the 'brokering' Service Consumer indeed has had a request from the original Service Consumer

LicensePurpose
in header
string

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity requests for the data in the service response

Service-Headers
in header
string

Any service specific headers

OK

Response Example (200 OK)
{
  "service_content_1": "string",
  "service_content_n": "string"
}
Response Headers (200 OK)
LicensePurpose

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity receives for the data in the service response

string
LicenseSubLicense

Optional iSHARE specific value describing the amount of sub license(s) the Service Consuming Entity is allowed to issue for the data in the service response

string
LicenseEndDate

Optional iSHARE specific value describing the duration of the license for the data in the service response

boolean

Example service of the Service Provider

DELETE /service_provider/service

This is an example service to show how any Service Provider that adheres to iSHARE MUST apply iSHARE conformant OAuth to every iSHARE enabled service. Not bound to name 'service'. MAY have any name the Service Provider chooses.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

delegation_evidence
in header
string

iSHARE delegation evidence regarding the requested service. The Service Consumer can obtain this evidence from an Authorization Registry / Entitled Party before requesting a specific service.

service_consumer_assertion
in header
string

iSHARE specific optional client assertion. Used when a Service Consumer is requesting a service on behalf of another Service Consumer in a 'service broker' pattern. It is used to prove that the 'brokering' Service Consumer indeed has had a request from the original Service Consumer

LicensePurpose
in header
string

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity requests for the data in the service response

Service-Headers
in header
string

Any service specific headers

OK

Response Example (200 OK)
{
  "service_content_1": "string",
  "service_content_n": "string"
}
Response Headers (200 OK)
LicensePurpose

Optional iSHARE specific value describing the purpose of the license the Service Consuming Entity receives for the data in the service response

string
LicenseSubLicense

Optional iSHARE specific value describing the amount of sub license(s) the Service Consuming Entity is allowed to issue for the data in the service response

string
LicenseEndDate

Optional iSHARE specific value describing the duration of the license for the data in the service response

boolean

Entitled Party

Obtains access token

POST /entitled_party/oauth2.0/token

Used to obtain an OAuth access token from the Entitled Party. The format of access_token is not defined by this specification. They are left to the server and should be opaque to the Service Consumer. Refer to the iSHARE OAuth 2.0 documentation on the Technical Agreements page for additional information on the expected values from this access token request body.

grant_type
in formData
string

OAuth 2.0 grant type. MUST contain "client_credentials"

scope
in formData
string

OAuth 2.0 scope. Defaults to "iSHARE", indicating all rights of the Service Consumer are requested. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has.

client_id
in formData
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier of the Service Consumer

client_assertion_type
in formData
string

OpenID Connect 1.0 client assertion type. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

client_assertion
in formData
string

OpenID Connect 1.0 client assertion. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.

Request body Example application/x-www-form-urlencoded
grant_type=client_credentials&scope=iSHARE&client_id=EU.EORI.NL000000001&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6IjZiNjYwNjg5OTk5ZTRlNjg5M2E2ZjY1YTIyZjljMjgyIiwiaWF0IjoxNTU2MDM1MjczLCJuYmYiOjE1NTYwMzUyNzMsImV4cCI6MTU1NjAzNTMwMywiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwNSJ9.GV3DIqj8uKC5XjDyUFVKuiaLboLirV4KmrgpDJpG5D8a7RrTXvLhQ819twRDXkjY8Ym50_SF7J2kjCNPzqoSFoFPpbWihyPw8P5E4rLAu1_eFXx_VaDtzw2ZO8aOGeJnLGzP-Wu_B1wZwpPSFB74UspYxjX-tw3duV84KvbkPSxtl5wq7LgG0x168toBflkVINVTCxWGU8G_Yb20p0AQmNGpeZ_mFXPsT41HMfNvxCHTB7B-Xw3_4gyCghXeCj3bBlf26v67pT6pAzUDhLH6JnSx6KyM3_LNRsUZ0pN9kPxnqdD1QL061K9yMWpygnrghYBfnVyjoGIbMn56TjRcUg
Request body Example formatted for visibility

  {
  "grant_type": "client_credentials",
  "scope": "iSHARE",
  "client_id": "EU.EORI.NL000000001",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "client_assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6IjZiNjYwNjg5OTk5ZTRlNjg5M2E2ZjY1YTIyZjljMjgyIiwiaWF0IjoxNTU2MDM1MjczLCJuYmYiOjE1NTYwMzUyNzMsImV4cCI6MTU1NjAzNTMwMywiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwNSJ9.GV3DIqj8uKC5XjDyUFVKuiaLboLirV4KmrgpDJpG5D8a7RrTXvLhQ819twRDXkjY8Ym50_SF7J2kjCNPzqoSFoFPpbWihyPw8P5E4rLAu1_eFXx_VaDtzw2ZO8aOGeJnLGzP-Wu_B1wZwpPSFB74UspYxjX-tw3duV84KvbkPSxtl5wq7LgG0x168toBflkVINVTCxWGU8G_Yb20p0AQmNGpeZ_mFXPsT41HMfNvxCHTB7B-Xw3_4gyCghXeCj3bBlf26v67pT6pAzUDhLH6JnSx6KyM3_LNRsUZ0pN9kPxnqdD1QL061K9yMWpygnrghYBfnVyjoGIbMn56TjRcUg",
  }
200 OK
access_token

string

token_type

string

expires_in

integer

Response Example (200 OK)
{
  "access_token""eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMzU0NjAsImV4cCI6MTU1NjAzOTA2MCwiaXNzIjoiaHR0cHM6Ly9iYW5hbmEuaXNoYXJldGVzdC5uZXQvIiwiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwNSIsImNsaWVudF9pZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJzY29wZSI6WyJpU0hBUkUiXX0.dru077blGGQQBgdEc0Xb656aihFPG-RdH13GL2GFmqewpWMKeJbFjGdVEmHI3bKjCDLaIVJ5dCxiPdKm03cVuqSlKqrYWissQ3P7KMw7xnB_JQG3b1kblPEUvolNl1HH8cY2PMF5cYb80pJcPPWTNNlTw2libd_cBXZyfqecwjQq-QjMdXFAnCKlaE-3xXyjLAH7TGBE63IzqKbIe2GRZJ-4ysvlQsvJ8qBsW57SHl6aH2aHBtdfpMbLnY1gmZvwcWD2-g5Rp8QYRwkS-cNygrGXdCDyY0WoAIcyfqt8AYCaoin4UU2wwyc-jMt-lFjAw-TRghjRtWi-iBHK0itwwA",
  "token_type": "Bearer",
  "expires_in": 3600
}

Obtains delegation evidence

POST /entitled_party/delegation

Used to obtain delegation evidence from an Entitled Party. Note a Service Provider MUST validate the Entitled Party only provides information about his own delegations. Please refer to the models ‘jwt_header’ and and ‘jwt_payload_delegationevidence’ which indicate what the decoded response will look like.

Request body contains object with the required delegationRequest, optional delegation_chain and the required client_assertion in the previous_steps field. DelegationRequest contains a required JSON object that describes the evidence that is requested from the /delegation endpoint. Previous_steps contains a required array of evidence that the client has legitimate reason to request delegation evidence. A single step contains either a previous delegationEvidence statement or a client_assertion. The minimum is a client_assertion of one of the parties mentioned in the delegationRequest, and additional client_assertions/delegationEvidence when multiple delegation policies need to be linked together.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

Request Example
{
    "delegationRequest": {
      "policyIssuer": "string",
      "target": {
        "accessSubject": "string"
      },
      "policySets": [
      {
        "policies": [
        {
          "target": {
            "resource": {
              "type": "string",
              "identifiers": [
                "string"
              ],
              "attributes": [
                "string"
              ]
            },
            "actions": [
              "string"
            ],
            "environment": {
              "serviceProviders": [
              "string"]
            }
          },
          "rules": [
            {
              "effect": "string"
            }
           ]
         }
       ]
     }
   ]
  },
  "previous_steps": [
    "string"
  ]
}
delegation_token

string

Response Example (200 OK)
{
  "delegation_token":"eyJ4NWMiOlsiTUlJRWx6Q0NBbitnQXdJQkFnSUlKWGdMMHBKK0lvQXdEUVlKS29aSWh2Y05BUUVMQlFBd1NERVpNQmNHQTFVRUF3d1FhVk5JUVZKRlZHVnpkRU5CWDFSTVV6RU5NQXNHQTFVRUN3d0VWR1Z6ZERFUE1BMEdBMVVFQ2d3R2FWTklRVkpGTVFzd0NRWURWUVFHRXdKT1REQWVGdzB4T1RBeU1UVXhNVFEyTWpaYUZ3MHlNVEF5TVRReE1UUTJNalphTUZneEt6QXBCZ05WQkFNTUltbFRTRUZTUlNCVVpYTjBJRUYxZEdodmNtbDZZWFJwYjI0Z1VtVm5hWE4wY25reEhEQWFCZ05WQkFVVEUwVlZMa1ZQVWtrdVRrd3dNREF3TURBd01EUXhDekFKQmdOVkJBWVRBazVNTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4KzlvQUxqam9sMitMeVl3TnlSekpqZ0IyWlIxaUtQVzRiMHRmL041ZnkyZUFPS3dFTElOTkRxNlU5M00vdlVxWXBkVlVqV1VVZjQrZ3ZxTW00UGUwdUZhWDlXTEJ6WWQvMGNQcUlmd3l5ZDgzeGhlMk1MeEExSHpPUjJOQUQ1b0oxR1RoRXpWRzQybVlGc0hyVEJRaXcrUHNrNXBWM1B1QlNXc0Q2SUxNOUlBU3BpZlcwSmR0dDdDQU5VeVkvc3l2dmx2ejlKdXhQbjNsc01pT25tLys1ZnpRMFZTS1ZtTEVjUWgyeTBmd0FySWtiQkYxQTNaeG5LWHJLUUVZTllIZmlqVk11VkZVOVQ3QjVTVmFsUVJDUjY0ZUdNeTA5Rm53ZGJWOEVUZTMwYnhsamx6QjAzeWhNbFllS3BnY3ZkRlBHN1BkNzZIKyszS3JDdnJxS0FuZFFJREFRQUJvM1V3Y3pBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkJZODV5RHAxcFR2SCtXaThiajh2dXJmTERlQk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQjBHQTFVZERnUVdCQlNwcmZuMnVvWUNTRC9rMUhURit6YnpPdU9UN3pBT0JnTlZIUThCQWY4RUJBTUNCYUF3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUxxaURza0c3RXczelloVTJSUXBOUU50MEtocy9tZDFmUDVMYzFxTUQvVlhVSWFpaC9DM3daRVF2UjhoaFFYTGVNNzlxSDNIeDhUSjJ0eDBubUU1N1FnV3pVdjBINEMrbGYyak93eExyZytwVksyVzRxUmEzNmZiSkdMd2FONW9CVnJEejhuT0F2RXFZUVZ0ckdsVlVNbGFYNkF6dVpJT2J1cW9RNHdQNTdrV1ZHdTdaUitYdzlxYk5qK2RNNjEzOUxGSGV4MHlDeXg5NHF1Q2ZaM254eEVnN3ZjaTUvS3ErMEFSZjJxbG1RdlozSm14dXdEMEZTQS9TVi9QWkhLcFk1NVl4M0hFR01oeVVyT0Z3OVY2d015TllUTWIyUmVRUzJyQ0h1UXhTcGg0eVErZTNEc0dkcWxTM01JYS9hYzN6SXRCR2RDVXZGQ092cHdBOUpxNHJNV3Q4Ulh2ZUNQYkNuM0ZteUsrSFpTV001M0VCM1pFUk9lK0FJMWN5NnhhbGxac21iRUY1MHFXeVh3UEJ6WExpNU1ZcmNXUmZYOFI0RUxWYnRxTWR2YWIyN2JtR0Z4UVBuTmIxOElSd05BNjVrMkFrbVc1Tjd0dXFoZGNaSnl4Uk84MDJUTDJ0V3dxRStzQjdIQS9ReXRZb0wxOUticnUvbHg2a2FwVEdrWldzSHhERVBMOUNIaDZNS3VUY3dFMWcwbkJ2OUwwbGhGQWFkWmU2QlpEbWdJak1tbW54aGszc1lLTW5Lc2Yrc083WlUrOSt3dER6U3E0UTNMUlJmNUpJQWdRZU9rMjBjejRjdkVKbEgyMHUrL3hEeGpoL1BWVW4vS1h0UVJRY2ZMNk1OV2JoSExUTmpPenBLZGw2OGJCMXVseDF3MHJMUStLRTRWR1pYMFB1MTM2Il0sImFsZyI6IlJTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDA0Iiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6Ijg5NGU0Y2MzMGM5YjQ4ODBiNzRiMWE2MzFhMzkzMTkxIiwiaWF0IjoxNTU2MDM1ODgzLCJleHAiOjE1NTYwMzU5MTMsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDMiLCJkZWxlZ2F0aW9uRXZpZGVuY2UiOnsibm90QmVmb3JlIjoxNTQxMDU4OTM5LCJub3RPbk9yQWZ0ZXIiOjE1NjEwNTg5MzksInBvbGljeUlzc3VlciI6IkVVLkVPUkkuTkwwMDAwMDAwMDUiLCJ0YXJnZXQiOnsiYWNjZXNzU3ViamVjdCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEifSwicG9saWN5U2V0cyI6W3sibWF4RGVsZWdhdGlvbkRlcHRoIjowLCJ0YXJnZXQiOnsiZW52aXJvbm1lbnQiOnsibGljZW5zZXMiOlsiSVNIQVJFLjAwMDEiXX19LCJwb2xpY2llcyI6W3sidGFyZ2V0Ijp7InJlc291cmNlIjp7InR5cGUiOiJHUzEuQ09OVEFJTkVSIiwiaWRlbnRpZmllcnMiOlsiMTgwNjIxLkNPTlRBSU5FUi1aIl0sImF0dHJpYnV0ZXMiOlsiR1MxLkNPTlRBSU5FUi5BVFRSSUJVVEUuRVRBIiwiR1MxLkNPTlRBSU5FUi5BVFRSSUJVVEUuV0VJR0hUIl19LCJlbnZpcm9ubWVudCI6eyJzZXJ2aWNlUHJvdmlkZXJzIjpbIkVVLkVPUkkuTkwwMDAwMDAwMDMiXX0sImFjdGlvbnMiOlsiSVNIQVJFLlJFQUQiLCJJU0hBUkUuQ1JFQVRFIiwiSVNIQVJFLlVQREFURSIsIklTSEFSRS5ERUxFVEUiXX0sInJ1bGVzIjpbeyJlZmZlY3QiOiJQZXJtaXQifV19XX1dfX0.IkvNzx2_UoSHk1qMr4yiZj-CYEvYJ94IStGOT-ckZ2IRkCSymELOGGY77qj8KvjGTB-oLx7WA3a1-SHxCnDMM1OupMLwvEkReppV72jixdOMgdBOCejcwcs8HTGwjpXE8CkEEB3RhuTks4-chIwr12jWbASn4-rR9LSfFWeQ1CTBzkmZbpW4h4_IKB6t77T3TW8xIzms6n4pavfc7vWbwVylontZ0OzrsWS1RXaQxCWq7-5qm84e0W0M7F1nx4HIqlUGPtirIj8KHrhuJaq-TE9Zol0h1Cf53WYw0x2GQOyP3m6Baim5gzIP9o7_W7SBrPPk9NW9O5P9RlSBJGmJJw"
}
Decoded Response Example (JWT Payload)
{
  "delegationEvidence": {
    "notBefore": 1541058939,
    "notOnOrAfter": 1561058939,
    "policyIssuer": "EU.EORI.NL000000005",
    "target": {
      "accessSubject": "EU.EORI.NL000000001"
    },
    "policySets": [
      {
        "maxDelegationDepth": 0,
        "target": {
          "environment": {
            "licenses": [
              "ISHARE.0001"
            ]
          }
        },
        "policies": [
          {
            "target": {
              "resource": {
                "type": "GS1.CONTAINER",
                "identifiers": [
                  "180621.CONTAINER-Z"
                ],
                "attributes": [
                  "GS1.CONTAINER.ATTRIBUTE.ETA",
                  "GS1.CONTAINER.ATTRIBUTE.WEIGHT"
                ]
              },
              "actions": [
                "ISHARE.READ",
                "ISHARE.CREATE",
                "ISHARE.UPDATE",
                "ISHARE.DELETE"
                ],
              "environment": {
                "serviceProviders": [
                  "EU.EORI.NL000000003"
                ]
              }
            },
            "rules": [
              {
                "effect": "Permit"
              }
            ]
          }
        ]
      }
    ]
  }
}

Authorization Registry

Obtains access token

POST /authorization_registry/oauth2.0/token

Used to obtain an OAuth access token from the Authorization Registry. The format of access_token is not defined by this specification. They are left to the server and should be opaque to the Service Consumer. Refer to the iSHARE OAuth 2.0 documentation on the Technical Agreements page for additional information on the expected values from this access token request body.

grant_type
in formData
string

OAuth 2.0 grant type. MUST contain "client_credentials"

scope
in formData
string

OAuth 2.0 scope. Defaults to "iSHARE", indicating all rights of the Service Consumer are requested. Other values allow the Service Consumer to get tokens that do not include all rights the Service Consumer has.

client_id
in formData
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier of the Service Consumer

client_assertion_type
in formData
string

OpenID Connect 1.0 client assertion type. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

client_assertion
in formData
string

OpenID Connect 1.0 client assertion. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.

Request body Example application/x-www-form-urlencoded
grant_type=client_credentials&scope=iSHARE&client_id=EU.EORI.NL000000001&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6Ijc4NWYwNzQwNjc4YjRmNzg5ZDljM2YwMDEzMDQ3MGYzIiwiaWF0IjoxNTU2MDM2MzA3LCJuYmYiOjE1NTYwMzYzMDcsImV4cCI6MTU1NjAzNjMzNywiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwNCJ9.jVgyMDrTYFrCDn1XMqDyYMCw34FBiYuxFUAhub4gVqczs6qEhNyyIi98tfMda3gAmWCLSD7LcUUXydg2xequHP0_K0eS9iikFarc9B543N6K3YOoxqA9qfnvZbZ7EoyFyL5X2uYZ_qb7R3dDhd1LFGvqp6eN8PBfiurjiU5Nv-mPtxTUiHt3teKLHUv6ALMIuIsbDf0QkxK7kIJUte54Q1Ewp0scro9utB1l2OO4mXRDoVYYj5lvFBFTEWqKoQ2PXOfEvYzSxjaUjRoN9mMr4Av6q2IVnHcGBZf2kZjCORBoYNnqpN_TSgf0lfGSsM2BYmnbs4rIwo-DOOYEIbV4YQ
Request body Example formatted for visibility

  {
  "grant_type": "client_credentials",
  "scope": "iSHARE",
  "client_id": "EU.EORI.NL000000001",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "client_assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlFZ1RDQ0FtbWdBd0lCQWdJSU45VmlDRGkzQndzd0RRWUpLb1pJaHZjTkFRRUxCUUF3U0RFWk1CY0dBMVVFQXd3UWFWTklRVkpGVkdWemRFTkJYMVJNVXpFTk1Bc0dBMVVFQ3d3RVZHVnpkREVQTUEwR0ExVUVDZ3dHYVZOSVFWSkZNUXN3Q1FZRFZRUUdFd0pPVERBZUZ3MHhPVEF5TVRVeE1UUTJNVFZhRncweU1UQXlNVFF4TVRRMk1UVmFNRUl4RlRBVEJnTlZCQU1NREVGQ1F5QlVjblZqYTJsdVp6RWNNQm9HQTFVRUJSTVRSVlV1UlU5U1NTNU9UREF3TURBd01EQXdNVEVMTUFrR0ExVUVCaE1DVGt3d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMwTzRoVWhEK1ZvT0tWSVpTTk1OVGZ6YzBPMmtZaitaenBRRUFCWkd0UHR5MGtLUEplcDArbzV4c3RvdTFLK1V4dkhmeEVwSHhIR1RkdHFadWMyOExoVTRDZUNnb2VETURUK0NIUzNOb3NpRVNRTXdoL1paZVRjOS9lS0NvNTY5R0NuKzJYdFRpR1NwQlN3TVNXcU5IZ3BBWllLZEhyVC9rRU1JeVRLb2F1dWlLUThjVXA3b3c3bVp6LzlLK3FWM3M5TDAzMFc4SWF3TEpCSksvMmFwQXQ1amgxajQvbUY3ZjBxOHpoemhyQzh2MDFQTGxaZHVUempqQnJlN216K3lpL3ZsWXovZWFwMGVZVGpoeElhdHlWOUZGd2xtaTRGQzFDTmNNdExoOG5zaUpvZTVjQm0xM0xLYlFGdTNHWUg3Nm9lTFp2V3FiUGJwMTFteGxIYS9LZEFnTUJBQUdqZFRCek1Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVUZqem5JT25XbE84ZjVhTHh1UHkrNnQ4c040RXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkFQSCs4VXJZaVZMWGFLUFJHZmxrQStjdXNRN01BNEdBMVVkRHdFQi93UUVBd0lGb0RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVlsNXRXSDBZdFlTOUp5cXlsWkpXb21BNTVTaEtsbGFCUmN2cm82Q0h4bGxKV0hvMHFDOVpUTWN2Q3l3TXYxNFZKeVFkNmVGWnFjVnRPbHVHclJaQmtsSDlBYW5rb3ZwMkpMYXFjRDc5dDFDeXVYWm5JelRGbC9Ca01zRTZ3bEFKWFkvc2Fybm94ZWllalA0RS9FZi8wZXVJRnZCYUlDQ0YrS2QyV0pZYmJuMFd5MGRINDg0UUpiSHlNdFZmcjQyb0lwVU5WdUxTdTg0eUtZQWVtOUpCdVlUcDNZMEsyaGlFQVcvYk9LRHZ2SGV0VmY1ZnU2NnlmZWtEWDUzajNOS2lGSkNYUzJyS0lab0R1TUZ1eHBTeVZrUzJrYldrMSs1Sm95N3FPU05BTlJGUGxwSGNnekxRWnA4SHJndmhzbWhJdDFWVFZZa3l4Y2Q4cVhBbGh3cVZnT3E1TmdMeGtxdWw5aE5NR2lNN3NxK0g3M1EvRmk4aWY3Z1A4SVZBU3pRR3d1SGcyWjg3aWI2QTJ2b24wZlJKWnEzZkl1YkhveEk2M0FUd2ZjUks4NnkxNzJ4YkZFM1ZVMGR1TjF0STVaMFRDZzBHQUpZdEpwYm52ZXhJdDVsazVGSWs0VGh2UjBMOG1OTHkxRFVhMTFOK0VNeGtxYmZxbFR1ckI4WmczQ1kvUWFTS21YWTVDTVV3V2VFQlhSSGh5ZmtaUTVqUFBVSHJGYW95T1JYOHAxRXJZRGt0QjFLOW80am11RVZwQjMzY3ZnWUJFaUF5VjV6NDQyNkZ1VkNNYkhhRkRWN2lLVzllQmxYb3hlWm80WFg4K2pYeVNMNUdXOFh3TlJUSzVjNHZXMDJRM1ZKeVlWZTV1bWVzdHNLUStMUjhpQXpvVVNyZUsxOCtKa0FqQUpVPSJdfQ.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAxIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6Ijc4NWYwNzQwNjc4YjRmNzg5ZDljM2YwMDEzMDQ3MGYzIiwiaWF0IjoxNTU2MDM2MzA3LCJuYmYiOjE1NTYwMzYzMDcsImV4cCI6MTU1NjAzNjMzNywiYXVkIjoiRVUuRU9SSS5OTDAwMDAwMDAwNCJ9.jVgyMDrTYFrCDn1XMqDyYMCw34FBiYuxFUAhub4gVqczs6qEhNyyIi98tfMda3gAmWCLSD7LcUUXydg2xequHP0_K0eS9iikFarc9B543N6K3YOoxqA9qfnvZbZ7EoyFyL5X2uYZ_qb7R3dDhd1LFGvqp6eN8PBfiurjiU5Nv-mPtxTUiHt3teKLHUv6ALMIuIsbDf0QkxK7kIJUte54Q1Ewp0scro9utB1l2OO4mXRDoVYYj5lvFBFTEWqKoQ2PXOfEvYzSxjaUjRoN9mMr4Av6q2IVnHcGBZf2kZjCORBoYNnqpN_TSgf0lfGSsM2BYmnbs4rIwo-DOOYEIbV4YQ",
  }
200 OK
access_token

string

token_type

string

expires_in

integer

Response Example (200 OK)
{
  "access_token""eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE1NTYwMzYzNDksImV4cCI6MTU1NjAzOTk0OSwiaXNzIjoiaHR0cHM6Ly9hci5pc2hhcmV0ZXN0Lm5ldC8iLCJhdWQiOiJFVS5FT1JJLk5MMDAwMDAwMDA0IiwiY2xpZW50X2lkIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsInNjb3BlIjpbImlTSEFSRSJdfQ.Z8943z83uzcU_2QmvSWMd5IYAnW2fXW-_vz0dyHL06NFyhHvhHISScJefQl1ic-XnkonI4_RLrBsiV5VuabZKVq_QWYMFMyeyobXARl4dmp7CK2CjsZNHMMB9osHQRgrT0maEbHpX5zOzc1vObsKPif0dpYHUFjSV4V4kXIsetQzoAdT7ZcyFUSUnikza2NhmgADHgXTVoyI8YRcFoUuYzRjNMd1VqNB5W1wdy-Ejb4fshAa19FQRqB6p5JZiMY0LMqXuHjaVcN7qNB5HRsJGrd_7QgOL-4HsYvjTITwAz5Agakj4OM1x1BqR6ZgeHnRIZrJjUVKen00V0dX6EBM8A",
  "token_type": "Bearer",
  "expires_in": 3600
}

Obtains delegation evidence

POST /authorization_registry/delegation

Used to obtain delegation evidence from an Authorization Registry. The response is a signed JSON Web Token. Please refer to the models ‘jwt_header’ and and ‘jwt_payload_delegationevidence’ which indicate what the decoded response will look like. Please refer to the iSHARE language of delegation in order to understand the decoded response data model.

Request body contains object with the required delegationRequest, optional delegation_chain and the required client_assertion in the previous_steps field. DelegationRequest contains a required JSON object that describes the evidence that is requested from the /delegation endpoint. Delegation_path contains an optional array of iSHARE identifiers for a situation where multiple delegation policies need to be linked together. Previous_steps contains a required array of evidence that the client has legitimate reason to request delegation evidence. A single step contains either a previous delegationEvidence statement or a client_assertion. The minimum is a client_assertion of one of the parties mentioned in the delegationRequest, and additional client_assertions/delegationEvidence when multiple delegation policies need to be linked together.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

Request Example
{
    "delegationRequest": {
      "policyIssuer": "string",
      "target": {
        "accessSubject": "string"
      },
      "policySets": [
      {
        "policies": [
        {
          "target": {
            "resource": {
              "type": "string",
              "identifiers": [
                "string"
              ],
              "attributes": [
                "string"
              ]
            },
            "actions": [
              "string"
            ]
          },
          "rules": [
            {
              "effect": "string"
            }
          ]
        }
      ]
    }
   ]
  },
  "delegation_path": [
    "string"
  ],
  "previous_steps": [
    "string"
  ]
}
delegation_token

string

Response Example (200 OK)
{
  "delegation_token":"eyJ4NWMiOlsiTUlJRWx6Q0NBbitnQXdJQkFnSUlKWGdMMHBKK0lvQXdEUVlKS29aSWh2Y05BUUVMQlFBd1NERVpNQmNHQTFVRUF3d1FhVk5JUVZKRlZHVnpkRU5CWDFSTVV6RU5NQXNHQTFVRUN3d0VWR1Z6ZERFUE1BMEdBMVVFQ2d3R2FWTklRVkpGTVFzd0NRWURWUVFHRXdKT1REQWVGdzB4T1RBeU1UVXhNVFEyTWpaYUZ3MHlNVEF5TVRReE1UUTJNalphTUZneEt6QXBCZ05WQkFNTUltbFRTRUZTUlNCVVpYTjBJRUYxZEdodmNtbDZZWFJwYjI0Z1VtVm5hWE4wY25reEhEQWFCZ05WQkFVVEUwVlZMa1ZQVWtrdVRrd3dNREF3TURBd01EUXhDekFKQmdOVkJBWVRBazVNTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4KzlvQUxqam9sMitMeVl3TnlSekpqZ0IyWlIxaUtQVzRiMHRmL041ZnkyZUFPS3dFTElOTkRxNlU5M00vdlVxWXBkVlVqV1VVZjQrZ3ZxTW00UGUwdUZhWDlXTEJ6WWQvMGNQcUlmd3l5ZDgzeGhlMk1MeEExSHpPUjJOQUQ1b0oxR1RoRXpWRzQybVlGc0hyVEJRaXcrUHNrNXBWM1B1QlNXc0Q2SUxNOUlBU3BpZlcwSmR0dDdDQU5VeVkvc3l2dmx2ejlKdXhQbjNsc01pT25tLys1ZnpRMFZTS1ZtTEVjUWgyeTBmd0FySWtiQkYxQTNaeG5LWHJLUUVZTllIZmlqVk11VkZVOVQ3QjVTVmFsUVJDUjY0ZUdNeTA5Rm53ZGJWOEVUZTMwYnhsamx6QjAzeWhNbFllS3BnY3ZkRlBHN1BkNzZIKyszS3JDdnJxS0FuZFFJREFRQUJvM1V3Y3pBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkJZODV5RHAxcFR2SCtXaThiajh2dXJmTERlQk1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQjBHQTFVZERnUVdCQlNwcmZuMnVvWUNTRC9rMUhURit6YnpPdU9UN3pBT0JnTlZIUThCQWY4RUJBTUNCYUF3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUxxaURza0c3RXczelloVTJSUXBOUU50MEtocy9tZDFmUDVMYzFxTUQvVlhVSWFpaC9DM3daRVF2UjhoaFFYTGVNNzlxSDNIeDhUSjJ0eDBubUU1N1FnV3pVdjBINEMrbGYyak93eExyZytwVksyVzRxUmEzNmZiSkdMd2FONW9CVnJEejhuT0F2RXFZUVZ0ckdsVlVNbGFYNkF6dVpJT2J1cW9RNHdQNTdrV1ZHdTdaUitYdzlxYk5qK2RNNjEzOUxGSGV4MHlDeXg5NHF1Q2ZaM254eEVnN3ZjaTUvS3ErMEFSZjJxbG1RdlozSm14dXdEMEZTQS9TVi9QWkhLcFk1NVl4M0hFR01oeVVyT0Z3OVY2d015TllUTWIyUmVRUzJyQ0h1UXhTcGg0eVErZTNEc0dkcWxTM01JYS9hYzN6SXRCR2RDVXZGQ092cHdBOUpxNHJNV3Q4Ulh2ZUNQYkNuM0ZteUsrSFpTV001M0VCM1pFUk9lK0FJMWN5NnhhbGxac21iRUY1MHFXeVh3UEJ6WExpNU1ZcmNXUmZYOFI0RUxWYnRxTWR2YWIyN2JtR0Z4UVBuTmIxOElSd05BNjVrMkFrbVc1Tjd0dXFoZGNaSnl4Uk84MDJUTDJ0V3dxRStzQjdIQS9ReXRZb0wxOUticnUvbHg2a2FwVEdrWldzSHhERVBMOUNIaDZNS3VUY3dFMWcwbkJ2OUwwbGhGQWFkWmU2QlpEbWdJak1tbW54aGszc1lLTW5Lc2Yrc083WlUrOSt3dER6U3E0UTNMUlJmNUpJQWdRZU9rMjBjejRjdkVKbEgyMHUrL3hEeGpoL1BWVW4vS1h0UVJRY2ZMNk1OV2JoSExUTmpPenBLZGw2OGJCMXVseDF3MHJMUStLRTRWR1pYMFB1MTM2Il0sImFsZyI6IlJTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDA0Iiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMSIsImp0aSI6Ijg5NGU0Y2MzMGM5YjQ4ODBiNzRiMWE2MzFhMzkzMTkxIiwiaWF0IjoxNTU2MDM1ODgzLCJleHAiOjE1NTYwMzU5MTMsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDMiLCJkZWxlZ2F0aW9uRXZpZGVuY2UiOnsibm90QmVmb3JlIjoxNTQxMDU4OTM5LCJub3RPbk9yQWZ0ZXIiOjE1NjEwNTg5MzksInBvbGljeUlzc3VlciI6IkVVLkVPUkkuTkwwMDAwMDAwMDUiLCJ0YXJnZXQiOnsiYWNjZXNzU3ViamVjdCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEifSwicG9saWN5U2V0cyI6W3sibWF4RGVsZWdhdGlvbkRlcHRoIjowLCJ0YXJnZXQiOnsiZW52aXJvbm1lbnQiOnsibGljZW5zZXMiOlsiSVNIQVJFLjAwMDEiXX19LCJwb2xpY2llcyI6W3sidGFyZ2V0Ijp7InJlc291cmNlIjp7InR5cGUiOiJHUzEuQ09OVEFJTkVSIiwiaWRlbnRpZmllcnMiOlsiMTgwNjIxLkNPTlRBSU5FUi1aIl0sImF0dHJpYnV0ZXMiOlsiR1MxLkNPTlRBSU5FUi5BVFRSSUJVVEUuRVRBIiwiR1MxLkNPTlRBSU5FUi5BVFRSSUJVVEUuV0VJR0hUIl19LCJlbnZpcm9ubWVudCI6eyJzZXJ2aWNlUHJvdmlkZXJzIjpbIkVVLkVPUkkuTkwwMDAwMDAwMDMiXX0sImFjdGlvbnMiOlsiSVNIQVJFLlJFQUQiLCJJU0hBUkUuQ1JFQVRFIiwiSVNIQVJFLlVQREFURSIsIklTSEFSRS5ERUxFVEUiXX0sInJ1bGVzIjpbeyJlZmZlY3QiOiJQZXJtaXQifV19XX1dfX0.IkvNzx2_UoSHk1qMr4yiZj-CYEvYJ94IStGOT-ckZ2IRkCSymELOGGY77qj8KvjGTB-oLx7WA3a1-SHxCnDMM1OupMLwvEkReppV72jixdOMgdBOCejcwcs8HTGwjpXE8CkEEB3RhuTks4-chIwr12jWbASn4-rR9LSfFWeQ1CTBzkmZbpW4h4_IKB6t77T3TW8xIzms6n4pavfc7vWbwVylontZ0OzrsWS1RXaQxCWq7-5qm84e0W0M7F1nx4HIqlUGPtirIj8KHrhuJaq-TE9Zol0h1Cf53WYw0x2GQOyP3m6Baim5gzIP9o7_W7SBrPPk9NW9O5P9RlSBJGmJJw"
}
Decoded Response Example (JWT Payload)
{
  "delegationEvidence": {
    "notBefore": 1541058939,
    "notOnOrAfter": 1561058939,
    "policyIssuer": "EU.EORI.NL000000005",
    "target": {
      "accessSubject": "EU.EORI.NL000000001"
    },
    "policySets": [
      {
        "maxDelegationDepth": 0,
        "target": {
          "environment": {
            "licenses": [
              "ISHARE.0001"
            ]
          }
        },
        "policies": [
          {
            "target": {
              "resource": {
                "type": "GS1.CONTAINER",
                "identifiers": [
                  "180621.CONTAINER-Z"
                ],
                "attributes": [
                  "GS1.CONTAINER.ATTRIBUTE.ETA",
                  "GS1.CONTAINER.ATTRIBUTE.WEIGHT"
                ]
              },
              "actions": [
                "ISHARE.READ",
                "ISHARE.CREATE",
                "ISHARE.UPDATE",
                "ISHARE.DELETE"
                ],
              "environment": {
                "serviceProviders": [
                  "EU.EORI.NL000000003"
                ]
              }
            },
            "rules": [
              {
                "effect": "Permit"
              }
            ]
          }
        ]
      }
    ]
  }
}

Identity Provider

Authenticate Human Service Consumer

POST /identity_provider/openid_connect1.0/authorize

OpenID Connect endpoint for redirecting Human Service Consumer for authentication by the Identity Provider. The request parameter is an iSHARE compliant JWT, refer to the iSHARE Identity JWTs for JWT parameters. Server response is directed to the /service_prover/openid_connect1.0/return endpoint.

response_type
in body
string

OAuth 2.0 Response Type. For iSHARE using the Authorization Code Flow, with value ‘code’ is REQUIRED. MUST be identical to the response_type value in the request JWT.

client_id
in body
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier. MUST be identical to the client_id value in the request JWT.

scope
in body
string

OAuth 2.0 scope for OpenID Connect 1.0. MUST contain the ‘openid’ scope value and 'iSHARE' scope value and MAY contain one or more scopes identifying the attributes from the Human Service Consumer that are requested. Supported scopes under iSHARE are described on the Technical Agreements page, in the Human2Machine interaction section. MUST be identical to the scope value in the request JWT. Scope values determine the permissions to be asked to the user.

request
in body
string

OpenID Connect 1.0 signed JWT containing all request parameters. See iSHARE Identity JWT for JWT contents. See also Generic iSHARE JWT specifications for a.o. basic content and signing requirements. Additionally JWT MUST be encrypted using JWE as a user can access this JWT itself and decode the data contained therein.

OK

Response Example (200 OK)
{
  "code": "string",
  "state": "string"
}

Obtains access token & id token

POST /identity_provider/openid_connect1.0/token

OpenID Connect endpoint for obtaining the OAuth access token and OpenID Connect id token. Response containts, besides the OAuth access token, also an iSHARE compliant JWT id_token. Please refer to the iSHARE Identity JWTs for additional information on the JWT content.

grant_type
in body
string

OAuth 2.0 grant type. MUST contain "authorization_code"

client_id
in body
string

OpenID Connect 1.0 client ID. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain a valid iSHARE identifier of the Service Provider

client_assertion_type
in body
string

OpenID Connect 1.0 client assertion type. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

client_assertion
in body
string

OpenID Connect 1.0 client assertion. Used in iSHARE for all client identification for OAuth/OpenID Connect. MUST contain JWT token conform iSHARE specifications, signed by the client.

code
in body
string

Oauth 2.0 authorization code. MUST contain value of authorisation code received from the Identity Provider or Identity Broker in response to the /authorize request.

OK

Response Example (200 OK)
{
  "access_token": "string",
  "token_type": "string",
  "expires_in": integer,
  "id_token": "string"
}
Response Headers (200 OK)
Cache-Control

MUST contain 'no-store'

string
Pragma

MUST contain 'no-cache'

string

Obtains info on Human Service Consumer

POST /identity_provider/openid_connect1.0/userinfo

OpenID Connect endpoint for obtaining attributes of a Human Service Consumer conform scope defined in access token. Please refer to the models ‘jwt_header’ and ‘jwt_payload_userinfo’ which indicate what the decoded response will look like.

Authorization
in header
string

Oauth 2.0 authorisation based on bearer token. MUST contain "Bearer " + access token value

request
in body
string

Optional. JWT request asking for all authorizations or a specific authorization. Refer to the delegation_body of an AR request on this page for the specification of a delegation mask.

200 OK

OK

Response Example (200 OK)
{
  "userinfo_token": "string"
}

Schema Definitions

jwt_header:

alg: string
typ: string
x5c: string[]
string
Example
{
  "alg": "RS256",
  "typ": "JWT",
  "x5c": [
    "string"
  ]
}

jwt_payload_party: object

iss: string
sub: string
aud: string
jti: string
exp: integer
iat: integer
party_info: party_info
Example
{
  "iss": "EU.EORI.NL123456789",
  "sub": "EU.EORI.NL123456789",
  "aud": "EU.EORI.NL987654321",
  "jti": "378a47c4-2822-4ca5-a49a-7e5a1cc7ea59",
  "exp": 1504683475,
  "iat": 1504683445,
  "party_info": {
    "party_id": "string",
    "party_name": "string",
    "adherence": {
      "status": "string",
      "start_date": "string",
      "end_date": "string"
    },
    "certifications": [
      {
        "role": "string",
        "start_date": "string",
        "end_date": "string"
        "loa": integer
      }
    ],
    "capability_url": "string"
  }
}

jwt_payload_parties: object

iss: string
sub: string
aud: string
jti: string
exp: integer
iat: integer
parties_info: parties_info
Example
{
  "iss": "EU.EORI.NL123456789",
  "sub": "EU.EORI.NL123456789",
  "aud": "EU.EORI.NL987654321",
  "jti": "378a47c4-2822-4ca5-a49a-7e5a1cc7ea59",
  "exp": 1504683475,
  "iat": 1504683445,
  "parties_info": [
    {
      "party_id": "string",
      "party_name": "string",
      "adherence": {
        "status": "string",
        "start_date": "string",
        "end_date": "string"
      },
      "certifications": [
        {
          "role": "string",
          "start_date": "string",
          "end_date": "string"
          "loa": integer
        }
      ],
    "capability_url": "string"
    }
  ]
}

jwt_payload_trusted_list_token: object

iss: string
sub: string
aud: string
jti: string
exp: integer
iat: integer
trusted_list: object[]
object
subject: string
certificate_fingerprint: string
validity: string
status: string
Example
{
  "iss": "EU.EORI.NL123456789",
  "sub": "EU.EORI.NL123456789",
  "aud": "EU.EORI.NL123456789",
  "jti": "378a47c4-2822-4ca5-a49a-7e5a1cc7ea59",
  "exp": 1504683475,
  "iat": 1504683445,
  "trusted_list": [
    {
      "subject": "string",
      "certificate_fingerprint": "string",
      "validity": "string",
      "status": "string"
    }
  ]
}

jwt_payload_capabilities:

party_id: string
ishare_roles: role
role
supported_versions: version
version
Example
{
  "party_id": "string",
  "ishare_roles": [
    {
      "role": "string"
    }
  ],
  "supported_versions": [
    {
      "version": "string",
      "supported_features": [
        {
          "public": [
            {          
          "id": "string",
          "feature": "string",
          "description": "string",
          "url": "string",
          "token_endpoint": "string"
           }
        ],
        "restricted": [
            {          
          "id": "string",
          "feature": "string",
          "description": "string",
          "url": "string",
          "token_endpoint": "string"
           }
        ],
        "private": [
            {          
          "id": "string",
          "feature": "string",
          "description": "string",
          "url": "string",
          "token_endpoint": "string"
          }
         ]
        }
      ]
    }
  ]
}

jwt_payload_delegationevidence: object

delegationEvidence: object
notBefore: integer
notOnOrAfter: integer
policyIssuer: string
target: object
accessSubject: string
policySets: object[]
object
maxDelegationDepth: integer
target: object
environment: object
licenses: string[]
string
policies: object[]
object
target: object
resource: object
type: string
identifiers: string[]
string
attributes: string[]
string
actions: string[]
string
environment: object
serviceProviders: string[]
string
rules: object[]
object
effect: string
Example
{
  "delegationEvidence": {
    "notBefore": integer,
    "notOnOrAfter": integer,
    "policyIssuer": "string",
    "target": {
      "accessSubject": "string"
    },
    "policySets": [
      {
        "maxDelegationDepth": "integer",
        "target": {
          "environment": {
            "licenses": [
              "string"
            ]
          }
        },
        "policies": [
          {
            "target": {
              "resource": {
                "type": "string",
                "identifiers": [
                  "string"
                ],
                "attributes": [
                  "string"
                ]
              },
              "actions": [
                "string"
              ],
              "environment": {
                "serviceProviders": [
                  "string"
                ]
              }
            },
            "rules": [
              {
                "effect": "string"
              }
            ]
          }
        ]
      }
    ]
  }
}

jwt_payload_userinfo: object

delegation_token: object
notBefore: integer
notOnOrAfter: integer
policyIssuer: string
target: object
accessSubject: string
policySets: object[]
object
maxDelegationDepth: integer
target: object
environment: object
licenses: string[]
string
policies: object[]
object
target: object
resource: object
type: string
identifiers: string[]
string
attributes: string[]
string
actions: string[]
string
environment: object
serviceProviders: string[]
string
rules: object[]
object
effect: string
Example
{
"sub": "419404e1-07ce-4d80-9e8a-ec2b0899b600",
"first_name": "Piet",
"last_name": "Hein",
"gender": "male",
"company_id": "NL812458837",
"company_name": "Piet Hein BV",    
"delegation_token": {
    "notBefore": 1529574873,
    "notOnOrAfter": 1559574873,
    "policyIssuer": "EU.EORI.NL000000003",
     "target": {
       "accessSubject": "419404e1-07ce-4d80-9e8a-ec2b0899b600"
    },
    "policySets": [
      {
        "maxDelegationDepth": "5",
        "target": {
          "environment": {
            "licenses": [
              "iSHARE.0001"
            ]
          }
        },
        "policies": [
          {
            "target": {
              "resource": {
                "type": "GS1.Container",
                "identifiers": [
                  "180621.ABC122"
                ],
                "attributes": [
                  "CONTAINER.DATA.ATTRIBUTE.ETA"
                ]
              },
              "actions": [
                "ISHARE.READ"
              ],
              "environment": {
                "serviceProviders": [
                  "EU.EORI.NL123456789"
                ]
              }
            },
            "rules": [
              {
                "effect": "Permit"
              }
            ]
          }
        ]
      }
    ]
  }
}

parties_token: object

parties_token: string
Example
{
  "parties_token": "string"
}

party_token: object

party_token: string
Example
{
  "party_token": "string"
}

capabilities_token: object

capabilities_token: string
Example
{
  "capabilities_token": "string"
}

delegation_token: object

delegation_token: string
Example
{
  "delegation_token": "string"
}

role:

role: string
Example
{
  "role": "string"
}

version:

version: string
supported_features: feature
feature
Example
{
  "version": "string",
  "supported_features": [
    {
      "feature": "string",
      "description": "string",
      "url": "string"
    }
  ]
}

feature:

feature: string
description: string
url: string
Example
{
  "feature": "string",
  "description": "string",
  "url": "string"
}

delegation-jwt:

delegation_token: string
Example
{
  "delegation_token": "string"
}

userinfo-jwt:

userinfo_token: string
Example
{
  "userinfo_token": "string"
}

adherence: object

status: string
start_date: string
end_date: string
Example
{
  "status": "string",
  "start_date": "string",
  "end_date": "string"
}

certification: object

role: string
start_date: string
end_date: string
Example
{
  "role": "string",
  "start_date": "string",
  "end_date": "string"
}

certifications: array

Example
[
  {
    "role": "string",
    "start_date": "string",
    "end_date": "string"
  }
]

party_info: object

party_id: string
party_name: string
adherence: adherence
certifications: certifications
Example
{
  "party_id": "string",
  "party_name": "string",
  "adherence": {
    "status": "string",
    "start_date": "string",
    "end_date": "string"
  },
  "certifications": [
    {
      "role": "string",
      "start_date": "string",
      "end_date": "string"
    }
  ]
}

parties_info: array

Example
[
  {
    "party_id": "string",
    "party_name": "string",
    "adherence": {
      "status": "string",
      "start_date": "string",
      "end_date": "string"
    },
    "certifications": [
      {
        "role": "string",
        "start_date": "string",
        "end_date": "string"
      }
    ]
  }
]

trusted_list-jwt:

trusted_list_token: string
Example
{
  "trusted_list_token": "string"
}

certificate_response:

date_time: string
certificate_fingerprint: string
validity: boolean
Example
{
  "date_time": "string",
  "certificate_fingerprint": "string",
  "validity": "boolean"
}

openid-connect:

access_token: string
token_type: string bearer
expires_in: integer
id_token: string
Example
{
  "access_token": "string",
  "token_type": "string",
  "expires_in": "integer",
  "id_token": "string"
}

openid-authorize:

code: string
state: string
Example
{
  "code": "string",
  "state": "string"
}

delegation_body_ar: object

delegation_mask: object
delegationRequest: object
policyIssuer: string
target: object
accessSubject: string
policySets: object
policies: object
target: object
resource: object
type: string
identifiers: string[]
string
attributes: string[]
string
actions: string[]
string
rules: object[]
object
effect: string
delegation_path: string[]
string
previous_steps: string[]
string
Example
{
    "delegationRequest": {
      "policyIssuer": "string",
      "target": {
        "accessSubject": "string"
      },
      "policySets": [
      {
        "policies": [
        {
          "target": {
            "resource": {
              "type": "string",
              "identifiers": [
                "string"
              ],
              "attributes": [
                "string"
              ]
            },
            "actions": [
              "string"
            ]
          },
          "rules": [
            {
              "effect": "string"
            }
          ]
        }
      ]
    }
   ]
  },
  "delegation_path": [
    "string"
  ],
  "previous_steps": [
    "string"
  ]
}

delegation_body_ep: object

delegation_mask: object
delegationRequest: object
policyIssuer: string
target: object
accessSubject: string
policySets: object
policies: object
target: object
resource: object
type: string
identifiers: string[]
string
attributes: string[]
string
actions: string[]
string
rules: object[]
object
effect: string
previous_steps: string[]
string
Example
{
    "delegationRequest": {
      "policyIssuer": "string",
      "target": {
        "accessSubject": "string"
      },
      "policySets": [
      {
        "policies": [
        {
          "target": {
            "resource": {
              "type": "string",
              "identifiers": [
                "string"
              ],
              "attributes": [
                "string"
              ]
            },
            "actions": [
              "string"
            ]
          },
          "rules": [
            {
              "effect": "string"
            }
          ]
        }
      ]
     }
   ]
  },
  "previous_steps": [
    "string"
  ]
}

oauth:

access_token: string
token_type: string
expires_in: integer
Example
{
  "access_token": "string",
  "token_type": "string",
  "expires_in": "integer"
}

service_content:

service_content_1: string
service_content_n: string
Example
{
  "service_content_1": "string",
  "service_content_n": "string"
}

Questions?

Visit the iSHARE Community Forum