Provide Data
Advertise data and services to trusted organizations. Add authorization servers enabling client applications to authenticate themselves and obtain tokens. Publish your APIs for all federation participants to discover. Request certificates for mTLS.
- Your organization is onboarded within the ecosystem/federation.
- You are an administrator user within your organization.
Add an OAuth Authorization Server -- sometimes referred to as OpenID Provider -- to publish your APIs for external consumption. It makes it possible for Data Receivers to discover its configuration using OIDC Discovery (/.well-known endpoint) and obtain data, after properly onboarded, using their client applications credentials.
Select Servers > New Server.
Fill in the details of the organization's authorization server.
Field name | Required | Field description | Example |
|---|---|---|---|
Customer friendly server name | Yes | Should be equal to the brand name that can be easily identifiable by the customer on the consent flow Add the name without abbreviations so that it can be recognized by the customer that is to provide their consent to share data. Maximum of 256 characters | Raidiam |
OpenID discovery document URI | Yes | The URI that points to the OpenID discovery document (/.well-known endpoint. | https://raidiam.com/openid-configuration/.well-known |
Payload signing certificate URI | Yes | URI points to the Signature Certificates and Public Keys used to payload signatures by Data Receivers. Should point to the certificate you uploaded to the authorization server in the previous section of this article. | https://raidiam.com/payload-uricertificate |
Customer friendly logo URI | Yes | The Logo that represents the Brand Name added on the Customer Friendly Name | https://raidiam.com/logo.svg |
Developer Portal URI | No | URI for the Server developer portal | https://developers.raidiam.com |
Terms of service URI | No | URI that points to the server terms of service URI | https://raidiam.com/tos |
Notification webhook endpoint | No | Endpoint of the webhook notification URI that will be used to receive notifications from the Directory. Note this endpoint needs confirmation. Visit the URL sent to endpoint within 3 days to confirm the subscription. This URI is optional and allows the server to receive notification in case any relevant information on Connect is added or updated. | webhook.site/97askmbf-c320-4982-b0ff-f7728893aa |
Description | Yes | 1. Character limit: 256 characters 2. Description cannot have links. 3. Should contain a description of the brand with any additional information the user should know. Can also contain:
| This is where you can describe your brand, bringing any additional information to help the user make the right choice while providing their authorization to access the APIs. |
Save.
Some organizations may have different authorization servers responsible for issuing access tokens that give access to different APIs or services. In such cases, add additional authorization servers your organization has.
If your organization uses mutual TLS (mTLS) in order to enhance the security of its resources, you need to request a Transport certificate. This certificate -- both the Data Providers and Data Receivers trust -- empowers your technical assets, such as the authorization server and resource server, enabling them to engage in secure TLS handshakes during communication with client applications.
Navigate to your organization.
Select Organization Certificates > New Certificate.
Select TRANSPORT as the Certificate Type and continue.
In your terminal, execute the provided command to generate a Certificate Signing Request (CSR).
Upload the generated CSR/PEM.
Your CSR/PEM is sent to the Registration Authority which checks its validity and passes the request further to the Certificate Authority for certificate issuance.
Download the issued certificate and add it to the organization's authorization server and resource server configuration.
Optionally, you can also view the Signing Key associated with the issued certificate in a form of a JSON Web Key Set (JWKS).
Select Servers and choose one of the available authorization servers for which you wish to publish the APIs.
Select API Resources > New API Resource.
Select the API Family Type available within your ecosystem and its Version.
Provide a Start date configuring when your APIs start to be available for the Data Receivers to integrate with.
Provide the Certification URI if required.
The requirement for providing the certification URI can behave in the two following ways:
- If the ecosystem has the automatic API certification process available, the conformance tests run for the APIs.
- If the ecosystem does not have the automatic API certification process available, you need to provide a valid certification URI serving as a proof that your APIs are implemented according to the required standard.
Select Save.
Expand the dropdown next to the APIs you added and add API Discovery Endpoints.
By adding API Discovery endpoints, you can provide a base URL for the API and the rest is automatically filled in according to the requirements for the given API that come from your trust framework. Such requirements are defined by the Trust Framework Administrator and their Data APIs profile.
Provide the API Base URL and API Version and Generate Endpoints.
Do not add a slash at the end of the base URL -- it is added automatically for you during the API Discovery. The API version is also automatically appended into the resulting API endpoint.
Select all of the available discovered APIs or select the ones you want to publish and save.