Authorization and Authentication
Authentication and authorization are two separate, but connected, steps used to verify that an application or user has permission to access the API.
Authentication is the process of verifying who is making API calls.
OpenID Connect is used for authentication on web applications, mobile phone apps, embedded web components, online banking portals and other user-centric applications. Using OpenID Connect, users are verified by providing credentials, such as a username and password. Once logged in, users can view the information they have been authorized to access.
Authorization determines what actions an entity can perform on Apiture’s API. An entity could be a user, an application or another piece of technology that is accessing an API.
Individual users accessing the API will have entitlements. Each entitlement grants a different permission. For example, an account owner has permission to view transactions associated with their accounts and permission to schedule transfers from their accounts.
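The two steps described above, as an added example that is not Apiture's own code: authentication checks the claims of an OpenID Connect ID token, then authorization checks the caller's entitlements on one specific account. The issuer, client id, entitlement names and account ids are hypothetical, and the token signature is assumed to have been verified already by a JWT library.

```python
from dataclasses import dataclass

# All names below are hypothetical; the page does not specify Apiture's
# issuer, client id, or entitlement identifiers.
EXPECTED_ISSUER = "https://idp.example.test"
EXPECTED_AUDIENCE = "example-client-id"

@dataclass
class Caller:
    subject: str
    entitlements: dict  # account id -> set of entitlement names

# Constructed entitlement store: what each user may do on each account.
ENTITLEMENTS = {
    "alice": {"acct-1": {"viewTransactions", "scheduleTransfer"}},
    "bob": {"acct-2": {"viewTransactions"}},
}

def authenticate(claims, now):
    """Step 1: who is calling? Takes ID token claims whose signature has
    already been verified (assumed) and checks iss, aud, exp and sub."""
    if not claims or claims.get("iss") != EXPECTED_ISSUER:
        return None
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired token
    sub = claims.get("sub")
    if not sub:
        return None
    return Caller(sub, ENTITLEMENTS.get(sub, {}))

def authorize(caller, action, account_id):
    """Step 2: what may the caller do? Deny unless the entitlement is
    granted on this specific account."""
    if caller is None:
        return 401  # not authenticated
    if action not in caller.entitlements.get(account_id, set()):
        return 403  # authenticated, but not entitled on this account
    return 200

def handle(claims, action, account_id, now):
    """Run both steps for one request and return an HTTP-style status."""
    return authorize(authenticate(claims, now), action, account_id)
```

A caller who authenticates successfully still receives 403 for an account they hold no entitlement on, which is the check that keeps one account owner out of another owner's transactions.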