eBECAS/EDMISS Next Generation (Web)

API Authorisation

Authorisation controls what an API user is allowed to access and perform after they have been authenticated.

While authentication confirms that the request is coming from a valid API user, authorisation determines what that user can do.

For example, authorisation may control whether an API user can:

  • Access specific modules

  • View specific records

  • Create or update data

  • Perform restricted actions

API users follow the same permission model as regular users. This means their access is controlled by roles and permissions.

Keep the following in mind:

  • Only roles of type API can be assigned to API users.

  • The permissions available for API roles differ from those available for regular user roles.

To set up API roles, visit this article.

Authorisation Error (403)

Occurs when the client is authenticated but does not have permission to perform the requested operation.

Common causes include:

  • The API user does not have the required role or permission.

  • The API user is not authorised to access the requested resource.

  • The operation is restricted by the user's access settings.

Example response:

HTTP/1.1 403 Forbidden