How to authenticate incoming requests from Consent Manager?

Arvind · December 28, 2020, 6:24am

Can we use Authorization header in APIs like /v0.5/care-contexts/discover API to authenticate Consent Manager?
If yes, how can we do that?

Mounica · December 29, 2020, 8:51am

Hi @Arvind,

Any calls that a HIP/HIU receive will be communicated from CM via Gateway. You can use Authorization header to authenticate the incoming requests from Gateway.
It contains the gateway role which you can use to authorize the requests.

Thanks.

Arvind · December 29, 2020, 11:09am

Hey @Mounica,

Thanks for your reply.
As a follow-up question,
Does this authorization header matches with the Access token that we receive in Sessions API, so that we can match it with to authenticate requests?

Gayatrij · January 4, 2021, 7:20am

Hi @Arvind,
Its not the same access token that you receive in sessions API. It contains the gateway role which you can use to authorise the requests.

raveeo · March 17, 2021, 1:21pm

Hi @Gayatrij

Can you please elaborate on how to validate the gateway request? Unable to understand the usage of gateway role in doing the same.

Regards,
Ravi

mdubey · March 18, 2021, 4:16am

Hi @raveeo,

Please have a look at another thread where we discussed similar. Let us know if you have more questions.

Thank you

raveeo · March 19, 2021, 9:20am

Thank you… will check it out