A DfE Service Manual and its content is intended for internal use by the DfE service community.

2. Use BEARER token security for APIs

Date: 2021-05-11

Status

Accepted

Context

We need to authenticate requests to the APIs to ensure that only approved Lead Providers can use them.

Decision

We will implement BEARER Token security and provide API users with a UUID generated by the service and stored securely

Consequences

Lead Providers can be identified by their bearer token on each request.

Bearer tokens will need to be generated by the production application.