Authorizing users for the Web API
The majority of the endpoints require that the client authenticate as a specific user, by using one of the following methods:
▪Specify an API key in either an “Api-Key” HTTP header or as an “Api-Key” query parameter. An entry in DPM maps the API key to a specific user.
▪Send an “Authorization” header with a Bearer token, which was obtained by a user authenticating with the OpenID Connect provider.
(Some endpoints of the Web API, for example, the SwaggerUI and OpenAPI endpoints, can be accessed without authentication.)
A user who is a DPM Administrator or a Customer Account Administrator has access to all functionality of the Web API. All other users must be authorized by using the ISA User Administration activity: in the “Activities” list, look for the activities that start with “Web API”.
To access any endpoint which requires authentication
To access any endpoint which requires authentication, you must be authorized for the “Web API” activity.
To access a feature of the Web API
To access a feature of the Web API (for example, “Web API – Case Data” or “Web API – Quotas”), you must be authorized for “Web API” activity and the feature. In most cases, you also need to be authorized for subfeatures, for example, “Web API – Quotas / Can Edit Targets”.
See