Authorization Service API

The Authorization Service API is an OAuth2 protected API used by CERN's Identity Management Infrastructure to manage Identities, Groups, Roles, Applications and more. You may also want to use it, for example to:

  • Query Groups
  • Search for Identities
  • Programmatically create Applications and Roles

API Endpoints

You can see all the available API endpoints, and test the Authorization Service API, using the Swagger Interface.

How to use the Authorization Service API

For most needs we recommend creating an OIDC client and using your Client Credentials to query the Authorization Service; to do so, follow this Guide for API Access. If you want to query the Authorization Service on behalf of a user accessing your own application, i.e. OIDC delegation, follow this Guide for Token Exchange.

Once you have an access token for the Authorization Service, you can include it in the Authorization header of an HTTP request to query the API:

### Call the Authorization Service API using the exchanged token
API_RESPONSE=$(curl \
    -X GET "https://authorization-service-api.web.cern.ch/api/v1.0/Identity/my" \
    -H "Accept: */*" \
    -H "Authorization: Bearer $API_ACCESS_TOKEN" )
# Quote the variable so whitespace in the response is preserved
echo "$API_RESPONSE"
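
A more defensive form of the call above, as an added example that is not code from the CERN documentation: it checks the token's expiry locally before sending it, keeps the bearer token out of the process list, and fails on HTTP errors. It assumes the access token is a JWT carrying an `exp` claim; the helper names `jwt_payload`, `jwt_exp`, `token_usable` and `authz_get` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not CERN's own code. Assumption: the access token is a JWT.
API_BASE="https://authorization-service-api.web.cern.ch/api/v1.0"  # from the page

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
    local seg
    seg=$(printf '%s\n' "$1" | cut -s -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in   # restore the padding that base64url strips
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print the numeric "exp" claim, or nothing if it is absent.
jwt_exp() {
    jwt_payload "$1" |
        sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the token stays valid for at least 30 more seconds.
# $2 (current epoch time) is optional and exists so the check can be tested.
token_usable() {
    local exp now
    exp=$(jwt_exp "$1")
    now=${2:-$(date +%s)}
    [ -n "$exp" ] && [ "$exp" -gt $(( now + 30 )) ]
}

# GET an API path, e.g. authz_get "Identity/my".
# The header is passed to curl on stdin so the token never appears in argv;
# --fail turns HTTP error statuses (401, 403, ...) into a non-zero exit code.
authz_get() {
    token_usable "$API_ACCESS_TOKEN" || {
        echo "access token missing, malformed or expired" >&2
        return 1
    }
    printf 'header = "Authorization: Bearer %s"\n' "$API_ACCESS_TOKEN" |
        curl --silent --show-error --fail --config - \
             -H "Accept: */*" "$API_BASE/$1"
}
```

The expiry check is only a local convenience to avoid sending a stale token; it does not verify the token's signature, which remains the API's job.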