Get Started
Receive Data

Securely get customer-permissioned data. Add applications. See all available Data Providers. Authenticate with their authorisation servers. Discover published APIs for you to integrate with in a standardized way.
﻿
Prerequisites
Your organisation is onboarded within the ecosystem/federation and active.
Your organisation has an Authorisation Domain﻿ and a Role﻿ assigned by the Trust Framework Participants﻿.
Add Application
To enable your software application to become a part of the Trust Framework﻿ and request resources from Data Providers﻿, you need to register it within the Centralized Directory﻿ first.
1
Navigate to your organisation.
2
Select Applications > New Application to open up the Connect's Wizard.
A software statement is a JSON Web Token (JWT RFC7519) containing metadata about the client software -- your application. It is included in the client registration request to the Data Provider's Authorisation Server﻿ and must be signed using JSON Web Signature (JWS).
For more information on how to set up applications, see the Add and Manage Applications﻿ article.
3
Select Next and fill in the details of your application.
Field name
Required
Field description
Example
Client Name
Yes
It is recommended to use the brand name that the customers are familiar with.
This is the name of your software application a user sees while providing their consent to share data.
Raidiam
Client URI
Yes
Website or root URI from the resource.
https://raidiam.com/info.html
Policy URI
Yes
Must be a defined text sequence that represents a single unique policy URI.
https://raidiam.com/policy.html
Logo URI
Yes
Brand logo URI
https://raidiam.com/logo.svg
Terms of service URI
No
Must be a text string that represents the unique URI for ToS
https://raidiam.com/tos.html
Application and Technical Redirects
Yes
Must be a text string that represents an unique URI for application and redirects.
This is the URI where the user is redirected back after they provide their consent.
You can provide one or more URIs that will be registered at the authorisation server.
https://raidiam.com/cb1

https://raidiam.com/cb2
Description
No
A text description of your application.
Raidiam your service solution
Version
Yes
Version of your application.
Must be defined by a numeric value, an integer, or a floating point number.
1.2
4
Select Save and Next.
At this point, your application is created and you can either proceed further with the wizard (recommended) or finalize working on the next steps later on -- note, however, you are not able to get back to the wizard itself to configure the same application again.
Select Roles
﻿Assign the roles you need to your client﻿.
The amount of roles and what roles are available depend on the roles assigned to your organisation by the Trust Framework Administrator﻿.
If you see no roles available within the Wizard, you can skip this step and later on assign it manually.
It is considered a good practice not to assign all available roles to client applications, but only the ones the client application needs. For example, if you are going to call the Connect's APIs in the future, create a separate client application for that need and assign the appropriate role to that end.
Request Transport Certificate
In this step, you will create a private and public key pair﻿ and a Certificate Signing Request (CSR) to request a transport Certificate﻿. This certificate can be used in mutual TLS (mTLS) communication between the Data Providers﻿ and Data Receivers﻿ technical resources.
Such certificates -- both the participants can trust -- empower your technical assets, such as your client application, to establish a secure connection with the Data Provider's authorization server and resource server, enabling them to engage in TLS handshakes and enable secure connection during the data exchange.
1
Select TRANSPORT certificate type and continue.
2
Execute the provided CSR generation command in your terminal
The CSR is generated and saved within the same directory you execute the command.
Sample CSR Generation Command
openssl req -new -newkey rsa:2048 -out bf2ccc5e-406a-45a1-bef1-39333c239c2d-transport.csr -keyout transport.key -subj "/C=UK/O=Raidiam/OU=79b34d52-125b-4e5a-8b69-db93e737aa78/CN=bf2ccc5e-406a-45a1-bef1-39333c239c2d" -sha256
openssl req -new -newkey rsa:2048 -out bf2ccc5e-406a-45a1-bef1-39333c239c2d-transport.csr -keyout transport.key -subj "/C=UK/O=Raidiam/OU=79b34d52-125b-4e5a-8b69-db93e737aa78/CN=bf2ccc5e-406a-45a1-bef1-39333c239c2d" -sha256
﻿
3
Upload the generated CSR file.
Find Data Providers and Authorisation Servers
Once your application is set up, you need to integrate it with a Data Provider﻿ and their Authorisation Server﻿ in order to get an access token. Such token enables your application to authenticate itself while accessing the Data Provider's Data APIs (resource server).
Open Data Ecosystems
If your framework is an Open Data Ecosystem, client application's can utilize the Participants API﻿ to receive a JSON document containing a list of all participants and their authorization servers.
Other Ecosystems
To get a list of authorisation servers registered within the framework, you can utilize the following APIs:
﻿Get All Organisations - lists all organisations the user is authorised to retrieve.
﻿Get All Authorisation Servers for Given Organisation - lists all authorisation servers registered within an organisation along with their configuration.
﻿Get Authorisation Server by Identifier - returns a selected authorisation server along with its configuration.﻿
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs

tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Authorisation Servers
note over tpp, dapi: The request contains the received access token
dapi->>tpp: Authorisation Servers
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs

tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Authorisation Servers
note over tpp, dapi: The request contains the received access token
dapi->>tpp: Authorisation Servers
﻿
1
﻿Get an Access Token - (Read Only)﻿.
Use the OAuth Client Credentials flow as the grant type and tls_client_auth as client authentication method.
Request the directory:software access token scope.
2
Raidiam Connect's Authorisation Server validates the certificate as part of the tls_client_auth client authentication process.
3
If validation is successful, the server returns an access token you can use to call Raidiam's APIs and retrieve information about the authorisation servers and their configuration.
4
Retrieve authorisation servers using one of the APIs listed above.
Include the access token you got in the step #1 to authenticate your client application's request.
5
The platform returns a list of authorisation servers and their configuration.
﻿
Register Client Application at Authorisation Server
Depending on the type of the Registration Framework﻿ used within the Framework, OAuth Dynamic Client Registration﻿ (DCR), OpenID Federation﻿, or Raidiam's Simple Registration Endpoint, you may need to register your client application at the Data Provider's Authorisation Server﻿ if DCR is used as the framework.
OpenID Federation and Raidiam's Simple Registration Endpoint
If OpenID Federation or Raidiam's FedLite is used, there is no need to register the client application as it simply initiates a request to the server's OAuth /authorisation or /par (pushed authorisation request) endpoint setting the client_id (client identifier) to the organisation's (entity) identifier. Within both frameworks, the responsibility for maintaining an up-to-date list of active applications lies on the Data Providers﻿' side.
Register Application Using OAuth DCR
While getting a list of authorisation servers during the process described in the Find Data Providers and Authorisation Servers section, you receive configuration of an authorisation server registered within the Trust Framework﻿. Such configuration contains useful information you can use in the future.
Sample Authorisation Server Configuration in Raidiam Connect
{
  "AuthorisationServerId": "East Credit Union AS",
  "AutoRegistrationNotificationWebhook": "https://east-credit-union.com/app/webhooks/",
  "AutoRegistrationSupported": false,
  "CreatedAt": "2024-05-04T09:42:00+00:00",
  "CustomerFriendlyDescription": "East Credit Union Authorisation Server",
  "CustomerFriendlyLogoUri": "https://east-credit-union.com/logo.svg",
  "CustomerFriendlyName": "East Credit Union",
  "DeprecatedDate": "2025-01-30",
  "DeveloperPortalUri": "https://east-credit-union.com/app/devs/",
  "FederationEndpoint": "https://east-credit-union.com/app/federation/",
  "FederationId": "string",
  "Issuer": "https://east-credit-union.com",
  "NotificationWebhook": "https://example.com",
  "NotificationWebhookAddedDate": "2025-01-30",
  "NotificationWebhookStatus": "Pending",
  "OpenIDDiscoveryDocument": "https://east-credit-union.com/app/api/.well-known/",
  "OrganisationId": "East Credit Union",
  "ParentAuthorisationServerId": "East Credit Union AS",
  "PayloadSigningCertLocationUri": "https://east-credit-union.com/app/jwksURI/",
  "RetirementDate": "2025-12-30",
  "SupersededByAuthorisationServerId": "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
  "SupportsCiba": false,
  "SupportsDCR": true,
  "SupportsRedirect": true,
  "TermsOfServiceUri": "https://east-credit-union.com/tos/"
}
{
  "AuthorisationServerId": "East Credit Union AS",
  "AutoRegistrationNotificationWebhook": "https://east-credit-union.com/app/webhooks/",
  "AutoRegistrationSupported": false,
  "CreatedAt": "2024-05-04T09:42:00+00:00",
  "CustomerFriendlyDescription": "East Credit Union Authorisation Server",
  "CustomerFriendlyLogoUri": "https://east-credit-union.com/logo.svg",
  "CustomerFriendlyName": "East Credit Union",
  "DeprecatedDate": "2025-01-30",
  "DeveloperPortalUri": "https://east-credit-union.com/app/devs/",
  "FederationEndpoint": "https://east-credit-union.com/app/federation/",
  "FederationId": "string",
  "Issuer": "https://east-credit-union.com",
  "NotificationWebhook": "https://example.com",
  "NotificationWebhookAddedDate": "2025-01-30",
  "NotificationWebhookStatus": "Pending",
  "OpenIDDiscoveryDocument": "https://east-credit-union.com/app/api/.well-known/",
  "OrganisationId": "East Credit Union",
  "ParentAuthorisationServerId": "East Credit Union AS",
  "PayloadSigningCertLocationUri": "https://east-credit-union.com/app/jwksURI/",
  "RetirementDate": "2025-12-30",
  "SupersededByAuthorisationServerId": "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
  "SupportsCiba": false,
  "SupportsDCR": true,
  "SupportsRedirect": true,
  "TermsOfServiceUri": "https://east-credit-union.com/tos/"
}
﻿
Most importantly, the configuration of a server in Raidiam Connect includes the OpenIDDiscoveryDocument URI you can use to pull a detailed configuration of the authorisation server itself including the Dynamic Client Registration endpoint.
For an example of the OpenID Dicovery Document, reference the Raidiam's Authorisation Server /.well-known endpoint. It contains the "registration_endpoint": "https://auth.sandbox.raidiam.io/reg" DCR endpoint where dynamic client registration requests could be posted.﻿
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs
participant jwks as Raidiam JWKS
participant dpas as Data Provider's Authorisation Server

tpp->>dpas: /.well-known
Note over tpp, dpas: Retrieve OpenID Configuration
dpas->>tpp: JSON OpenID Discovery Document
tpp->>tpp: Extract desired metadata
tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Software Statement Assertion (SSA)
note over tpp, dapi: The request contains the token the client received from Raidiam's Authorisation Server
dapi->>tpp: SSA JWT
tpp->>dpas: POST /register
note over tpp,dpas: The client requests dynamic client registration at the authorisation server
note over tpp,dpas: The request contains the SSA JWT as value of the `software_statement` request parameter
dpas->>jwks: Retrieve Key Set
jwks->>dpas: Return Key Set
dpas->>dpas: Validate SSA in the client's DCR request
dpas->>dpas: Validate client's DCR request
dpas->>tpp: Return Client Configuration
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs
participant jwks as Raidiam JWKS
participant dpas as Data Provider's Authorisation Server

tpp->>dpas: /.well-known
Note over tpp, dpas: Retrieve OpenID Configuration
dpas->>tpp: JSON OpenID Discovery Document
tpp->>tpp: Extract desired metadata
tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Software Statement Assertion (SSA)
note over tpp, dapi: The request contains the token the client received from Raidiam's Authorisation Server
dapi->>tpp: SSA JWT
tpp->>dpas: POST /register
note over tpp,dpas: The client requests dynamic client registration at the authorisation server
note over tpp,dpas: The request contains the SSA JWT as value of the `software_statement` request parameter
dpas->>jwks: Retrieve Key Set
jwks->>dpas: Return Key Set
dpas->>dpas: Validate SSA in the client's DCR request
dpas->>dpas: Validate client's DCR request
dpas->>tpp: Return Client Configuration
﻿
1
Utilize the OpenID Discovery endpoint (/.well-known) to discover the authorisation server's configuration.
2
The data provider's authorisation server returns a JSON OpenID Discovery document containing its configuration.
3
Extract the desired metadata, particularly the Dynamic Client Registration URI.
4
﻿Get an Access Token - (Read Only)﻿.
Use the OAuth Client Credentials flow as the grant type and tls_client_auth as client authentication method.
Request the directory:software access token scope.
Raidiam Connect's Authorisation Server validates the certificate as part of the tls_client_auth client authentication process.
5
Raidiam Connect's Authorisation Server validates the certificate as part of the tls_client_auth client authentication process.
6
If validation is successful, the server returns an access token you can use to call Raidiam's APIs and retrieve information about the authorisation servers and their configuration.
7
Retrieve Software Statement Assertion﻿ (SSA) from Raidiam using the Get Software Statement Assertion for Given SoftwareStatementID API.
Utilize the access token you got from Raidiam Connect's authorisation server to authenticate your request.
8
The platform returns a JSON Web Token containing the Software Statement Assertion.
9
Request dynamic client registration at the authorisation server's DCR API.
Provide the details of your client along with the JWT SSA as a value of the software_statement request parameter. See example below:
JSON
POST /register HTTP/1.1
Host: auth.east-credit-union.com
Content-Type: application/json
{
  "application_type": "web",
  "grant_types": [
    "client_credentials",
    "authorization_code",
    "refresh_token",
    "implicit"
  ],
  "id_token_signed_response_alg": "PS256",
  "require_auth_time": false,
  "response_types": [
    "code id_token",
    "id_token"
  ],
  "software_statement": "eyJraWQiOiJzaWduZXIiLCJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiJ9.eyJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOlsiaHR0cHM6XC9cL3d3dy5yYWlkaWFtLmNvbVwvYWNjb3VudGluZ1wvY2IiXSwic29mdHdhcmVfc3RhdGVtZW50X3JvbGVzIjpbeyJyb2xlIjoiREFET1MiLCJhdXRob3Jpc2F0aW9uX2RvbWFpbiI6Ik9wZW4gQmFua2luZyIsInN0YXR1cyI6IkFjdGl2ZSJ9LHsicm9sZSI6IlBBR1RPIiwiYXV0aG9yaXNhdGlvbl9kb21haW4iOiJPcGVuIEJhbmtpbmciLCJzdGF0dXMiOiJBY3RpdmUifV0sInNvZnR3YXJlX2NsaWVudF9uYW1lIjoiUmFpZGlhbSBBY2NvdW50aW5nIiwib3JnX3N0YXR1cyI6IkFjdGl2ZSIsInNvZnR3YXJlX2NsaWVudF9pZCI6IkNraTFFYnZqd3loUEIxMk5HTGx6MiIsImlzcyI6Ik9wZW4gQmFua2luZyBPcGVuIEJhbmtpbmcgQnJhc2lsIHByb2QgU1NBIGlzc3VlciIsInNvZnR3YXJlX3Rvc191cmkiOiJodHRwczpcL1wvd3d3LnJhaWRpYW0uY29tXC9hY2NvdW50aW5nXC90b3MuaHRtbCIsInNvZnR3YXJlX2NsaWVudF9kZXNjcmlwdGlvbiI6IlJhaWRpYW0gQWNjb3VudGluZyBsZXZlcmFnZSBjdXR0aW5nIGVkZ2Ugb3BlbiBiYW5raW5nIGFjY2VzcyB0byBicmluZyB5b3UgcmVhbCB0aW1lIHVwIHRvIGRhdGUgdmlld3Mgb2YgeW91ciBmaW5hbmNlcyIsInNvZnR3YXJlX2p3a3NfZW5kcG9pbnQiOiJodHRwczpcL1wva2V5c3RvcmUuZGlyZWN0b3J5Lm9wZW5iYW5raW5nYnJhc2lsLm9yZy5iclwvYjk2MWM0ZWItNTA5ZC00ZWRmLWFmZWItMzU2NDJiMzgxODVkXC8yNTU1NmQ1YS1iOWRkLTRlMjctYWExYS1jY2U3MzJmZTc0ZGVcL2FwcGxpY2F0aW9uLmp3a3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6XC9cL3d3dy5yYWlkaWFtLmNvbVwvYWNjb3VudGluZ1wvcG9saWN5Lmh0bWwiLCJzb2Z0d2FyZV9pZCI6IjI1NTU2ZDVhLWI5ZGQtNGUyNy1hYTFhLWNjZTczMmZlNzRkZSIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczpcL1wvd3d3LnJhaWRpYW0uY29tXC9hY2NvdW50aW5nLmh0bWwiLCJzb2Z0d2FyZV9qd2tzX2luYWN0aXZlX2VuZHBvaW50IjoiaHR0cHM6XC9cL2tleXN0b3JlLmRpcmVjdG9yeS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnJcL2I5NjFjNGViLTUwOWQtNGVkZi1hZmViLTM1NjQyYjM4MTg1ZFwvMjU1NTZkNWEtYjlkZC00ZTI3LWFhMWEtY2NlNzMyZmU3NGRlXC9pbmFjdGl2ZVwvYXBwbGljYXRpb24uandrcyIsInNvZnR3YXJlX2p3a3NfdHJhbnNwb3J0X2luYWN0aXZlX2VuZHBvaW50IjoiaHR0cHM6XC9cL2tleXN0b3JlLmRpcmVjdG9yeS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnJcL2I5NjFjNGViLTUwOWQtNGVkZi1hZmViLTM1NjQyYjM4MTg1ZFwvMjU1NTZkNWEtYjlkZC00ZTI3LWFhMWEtY2NlNzMyZmU3NGRlXC9pbmFjdGl2ZVwvdHJhbnNwb3J0Lmp3a3MiLCJzb2Z0d2FyZV9qd2tzX3RyYW5zcG9ydF9lbmRwb2ludCI6Imh0dHBzOlwvXC9rZXlzdG9yZS5kaXJlY3Rvcnkub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyXC9iOTYxYzRlYi01MDlkLTRlZGYtYWZlYi0zNTY0MmIzODE4NWRcLzI1NTU2ZDVhLWI5ZGQtNGUyNy1hYTFhLWNjZTczMmZlNzRkZVwvdHJhbnNwb3J0Lmp3a3MiLCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOlwvXC93d3cucmFpZGlhbS5jb21cL2FjY291bnRpbmdcL2xvZ28ucG5nIiwib3JnX2lkIjoiYjk2MWM0ZWItNTA5ZC00ZWRmLWFmZWItMzU2NDJiMzgxODVkIiwic29mdHdhcmVfZW52aXJvbm1lbnQiOiJwcm9kdWN0aW9uIiwic29mdHdhcmVfdmVyc2lvbiI6MS4xMCwic29mdHdhcmVfcm9sZXMiOlsiREFET1MiLCJQQUdUTyJdLCJvcmdfbmFtZSI6Ik9wZW4gQmFua2luZyBCcmFzaWwiLCJpYXQiOjE2MTgzMzYyNjIsIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXNhdGlvbl9kb21haW4iOiJPcGVuIEJhbmtpbmciLCJhdXRob3Jpc2F0aW9ucyI6W10sInJlZ2lzdHJhdGlvbl9pZCI6IjEzMzUzMjM2LU9CQi1DT05UQSIsImF1dGhvcml0eV9pZCI6IjY4N2ExYzk0LWIzNjAtNGUwNC05NTg5LTBmYTVjYjE2NDUxYiIsImF1dGhvcmlzYXRpb25fcm9sZSI6IkNPTlRBIiwiYXV0aG9yaXR5X2NvZGUiOiJCQ0IiLCJzdGF0dXMiOiJBY3RpdmUifSx7ImF1dGhvcmlzYXRpb25fZG9tYWluIjoiT3BlbiBCYW5raW5nIiwiYXV0aG9yaXNhdGlvbnMiOltdLCJyZWdpc3RyYXRpb25faWQiOiIxMzM1MzIzNi1PQkItREFET1MiLCJhdXRob3JpdHlfaWQiOiI2ODdhMWM5NC1iMzYwLTRlMDQtOTU4OS0wZmE1Y2IxNjQ1MWIiLCJhdXRob3Jpc2F0aW9uX3JvbGUiOiJEQURPUyIsImF1dGhvcml0eV9jb2RlIjoiQkNCIiwic3RhdHVzIjoiQWN0aXZlIn0seyJhdXRob3Jpc2F0aW9uX2RvbWFpbiI6Ik9wZW4gQmFua2luZyIsImF1dGhvcmlzYXRpb25zIjpbXSwicmVnaXN0cmF0aW9uX2lkIjoiMTMzNTMyMzYtT0JCLVBBR1RPIiwiYXV0aG9yaXR5X2lkIjoiNjg3YTFjOTQtYjM2MC00ZTA0LTk1ODktMGZhNWNiMTY0NTFiIiwiYXV0aG9yaXNhdGlvbl9yb2xlIjoiUEFHVE8iLCJhdXRob3JpdHlfY29kZSI6IkJDQiIsInN0YXR1cyI6IkFjdGl2ZSJ9XX0.W6hUAYhjT6I61rxEIVMKYKre93LTbRdzKnk9dJvUdzVgAz5B9KxZNutf27oO3k0hrjYVWBdWq23o_e4Y_AaKdpS9-rtU84JiHtmqV0wcFYIM8nqcUVWqQ-Ux6Nq9L2G-s2YNd3PcJ1e3yGg9h8553Gr7iJusKEgApzXUpkM2rBELQuumktUE_JBiuIkXmWxoRnO1cW-Osbk3MT3bxG43SPcxii07Q5S8qXI6PjCPA3fYlnaUAygwZM3O0oa7jqmSr7d9UsHuDMJfYhIKdq2wyQQKORCN-D2UopmMX-lHMvAVkkrAO08T0-7odjr4PJk-PrwuoCxeAfa7440ZDOrlmQ",
  "subject_type": "public",
  "token_endpoint_auth_method": "private_key_jwt",
  "request_object_signing_alg": "PS256",
  "require_signed_request_object": true,
  "require_pushed_authorization_requests": false,
  "tls_client_certificate_bound_access_tokens": true,
  "client_id": "aCnBHjZBvD6ku3KVBaslL",
  "client_name": "Sample Fintech App",
  "client_uri": "https://www.sample-fintech-app.com/",
  "request_object_encryption_alg": "RSA-OAEP",
  "request_object_encryption_enc": "A256GCM",
  "jwks_uri": "https://keystore.directory.openbankingbrasil.org.br/b961c4eb-509d-4edf-afeb-35642b38185d/25556d5a-b9dd-4e27-aa1a-cce732fe74de/application.jwks",
  "redirect_uris": [
    "https://www.sample-fintech-app.com/app/"
  ],
  "webhook_uris": [
    "https://www.sample-fintech-app.com/app/webhooks/"
  ]
}
POST /register HTTP/1.1
Host: auth.east-credit-union.com
Content-Type: application/json
{
  "application_type": "web",
  "grant_types": [
    "client_credentials",
    "authorization_code",
    "refresh_token",
    "implicit"
  ],
  "id_token_signed_response_alg": "PS256",
  "require_auth_time": false,
  "response_types": [
    "code id_token",
    "id_token"
  ],
  "software_statement": "eyJraWQiOiJzaWduZXIiLCJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiJ9.eyJzb2Z0d2FyZV9tb2RlIjoiTGl2ZSIsInNvZnR3YXJlX3JlZGlyZWN0X3VyaXMiOlsiaHR0cHM6XC9cL3d3dy5yYWlkaWFtLmNvbVwvYWNjb3VudGluZ1wvY2IiXSwic29mdHdhcmVfc3RhdGVtZW50X3JvbGVzIjpbeyJyb2xlIjoiREFET1MiLCJhdXRob3Jpc2F0aW9uX2RvbWFpbiI6Ik9wZW4gQmFua2luZyIsInN0YXR1cyI6IkFjdGl2ZSJ9LHsicm9sZSI6IlBBR1RPIiwiYXV0aG9yaXNhdGlvbl9kb21haW4iOiJPcGVuIEJhbmtpbmciLCJzdGF0dXMiOiJBY3RpdmUifV0sInNvZnR3YXJlX2NsaWVudF9uYW1lIjoiUmFpZGlhbSBBY2NvdW50aW5nIiwib3JnX3N0YXR1cyI6IkFjdGl2ZSIsInNvZnR3YXJlX2NsaWVudF9pZCI6IkNraTFFYnZqd3loUEIxMk5HTGx6MiIsImlzcyI6Ik9wZW4gQmFua2luZyBPcGVuIEJhbmtpbmcgQnJhc2lsIHByb2QgU1NBIGlzc3VlciIsInNvZnR3YXJlX3Rvc191cmkiOiJodHRwczpcL1wvd3d3LnJhaWRpYW0uY29tXC9hY2NvdW50aW5nXC90b3MuaHRtbCIsInNvZnR3YXJlX2NsaWVudF9kZXNjcmlwdGlvbiI6IlJhaWRpYW0gQWNjb3VudGluZyBsZXZlcmFnZSBjdXR0aW5nIGVkZ2Ugb3BlbiBiYW5raW5nIGFjY2VzcyB0byBicmluZyB5b3UgcmVhbCB0aW1lIHVwIHRvIGRhdGUgdmlld3Mgb2YgeW91ciBmaW5hbmNlcyIsInNvZnR3YXJlX2p3a3NfZW5kcG9pbnQiOiJodHRwczpcL1wva2V5c3RvcmUuZGlyZWN0b3J5Lm9wZW5iYW5raW5nYnJhc2lsLm9yZy5iclwvYjk2MWM0ZWItNTA5ZC00ZWRmLWFmZWItMzU2NDJiMzgxODVkXC8yNTU1NmQ1YS1iOWRkLTRlMjctYWExYS1jY2U3MzJmZTc0ZGVcL2FwcGxpY2F0aW9uLmp3a3MiLCJzb2Z0d2FyZV9wb2xpY3lfdXJpIjoiaHR0cHM6XC9cL3d3dy5yYWlkaWFtLmNvbVwvYWNjb3VudGluZ1wvcG9saWN5Lmh0bWwiLCJzb2Z0d2FyZV9pZCI6IjI1NTU2ZDVhLWI5ZGQtNGUyNy1hYTFhLWNjZTczMmZlNzRkZSIsInNvZnR3YXJlX2NsaWVudF91cmkiOiJodHRwczpcL1wvd3d3LnJhaWRpYW0uY29tXC9hY2NvdW50aW5nLmh0bWwiLCJzb2Z0d2FyZV9qd2tzX2luYWN0aXZlX2VuZHBvaW50IjoiaHR0cHM6XC9cL2tleXN0b3JlLmRpcmVjdG9yeS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnJcL2I5NjFjNGViLTUwOWQtNGVkZi1hZmViLTM1NjQyYjM4MTg1ZFwvMjU1NTZkNWEtYjlkZC00ZTI3LWFhMWEtY2NlNzMyZmU3NGRlXC9pbmFjdGl2ZVwvYXBwbGljYXRpb24uandrcyIsInNvZnR3YXJlX2p3a3NfdHJhbnNwb3J0X2luYWN0aXZlX2VuZHBvaW50IjoiaHR0cHM6XC9cL2tleXN0b3JlLmRpcmVjdG9yeS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnJcL2I5NjFjNGViLTUwOWQtNGVkZi1hZmViLTM1NjQyYjM4MTg1ZFwvMjU1NTZkNWEtYjlkZC00ZTI3LWFhMWEtY2NlNzMyZmU3NGRlXC9pbmFjdGl2ZVwvdHJhbnNwb3J0Lmp3a3MiLCJzb2Z0d2FyZV9qd2tzX3RyYW5zcG9ydF9lbmRwb2ludCI6Imh0dHBzOlwvXC9rZXlzdG9yZS5kaXJlY3Rvcnkub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyXC9iOTYxYzRlYi01MDlkLTRlZGYtYWZlYi0zNTY0MmIzODE4NWRcLzI1NTU2ZDVhLWI5ZGQtNGUyNy1hYTFhLWNjZTczMmZlNzRkZVwvdHJhbnNwb3J0Lmp3a3MiLCJzb2Z0d2FyZV9sb2dvX3VyaSI6Imh0dHBzOlwvXC93d3cucmFpZGlhbS5jb21cL2FjY291bnRpbmdcL2xvZ28ucG5nIiwib3JnX2lkIjoiYjk2MWM0ZWItNTA5ZC00ZWRmLWFmZWItMzU2NDJiMzgxODVkIiwic29mdHdhcmVfZW52aXJvbm1lbnQiOiJwcm9kdWN0aW9uIiwic29mdHdhcmVfdmVyc2lvbiI6MS4xMCwic29mdHdhcmVfcm9sZXMiOlsiREFET1MiLCJQQUdUTyJdLCJvcmdfbmFtZSI6Ik9wZW4gQmFua2luZyBCcmFzaWwiLCJpYXQiOjE2MTgzMzYyNjIsIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6W3siYXV0aG9yaXNhdGlvbl9kb21haW4iOiJPcGVuIEJhbmtpbmciLCJhdXRob3Jpc2F0aW9ucyI6W10sInJlZ2lzdHJhdGlvbl9pZCI6IjEzMzUzMjM2LU9CQi1DT05UQSIsImF1dGhvcml0eV9pZCI6IjY4N2ExYzk0LWIzNjAtNGUwNC05NTg5LTBmYTVjYjE2NDUxYiIsImF1dGhvcmlzYXRpb25fcm9sZSI6IkNPTlRBIiwiYXV0aG9yaXR5X2NvZGUiOiJCQ0IiLCJzdGF0dXMiOiJBY3RpdmUifSx7ImF1dGhvcmlzYXRpb25fZG9tYWluIjoiT3BlbiBCYW5raW5nIiwiYXV0aG9yaXNhdGlvbnMiOltdLCJyZWdpc3RyYXRpb25faWQiOiIxMzM1MzIzNi1PQkItREFET1MiLCJhdXRob3JpdHlfaWQiOiI2ODdhMWM5NC1iMzYwLTRlMDQtOTU4OS0wZmE1Y2IxNjQ1MWIiLCJhdXRob3Jpc2F0aW9uX3JvbGUiOiJEQURPUyIsImF1dGhvcml0eV9jb2RlIjoiQkNCIiwic3RhdHVzIjoiQWN0aXZlIn0seyJhdXRob3Jpc2F0aW9uX2RvbWFpbiI6Ik9wZW4gQmFua2luZyIsImF1dGhvcmlzYXRpb25zIjpbXSwicmVnaXN0cmF0aW9uX2lkIjoiMTMzNTMyMzYtT0JCLVBBR1RPIiwiYXV0aG9yaXR5X2lkIjoiNjg3YTFjOTQtYjM2MC00ZTA0LTk1ODktMGZhNWNiMTY0NTFiIiwiYXV0aG9yaXNhdGlvbl9yb2xlIjoiUEFHVE8iLCJhdXRob3JpdHlfY29kZSI6IkJDQiIsInN0YXR1cyI6IkFjdGl2ZSJ9XX0.W6hUAYhjT6I61rxEIVMKYKre93LTbRdzKnk9dJvUdzVgAz5B9KxZNutf27oO3k0hrjYVWBdWq23o_e4Y_AaKdpS9-rtU84JiHtmqV0wcFYIM8nqcUVWqQ-Ux6Nq9L2G-s2YNd3PcJ1e3yGg9h8553Gr7iJusKEgApzXUpkM2rBELQuumktUE_JBiuIkXmWxoRnO1cW-Osbk3MT3bxG43SPcxii07Q5S8qXI6PjCPA3fYlnaUAygwZM3O0oa7jqmSr7d9UsHuDMJfYhIKdq2wyQQKORCN-D2UopmMX-lHMvAVkkrAO08T0-7odjr4PJk-PrwuoCxeAfa7440ZDOrlmQ",
  "subject_type": "public",
  "token_endpoint_auth_method": "private_key_jwt",
  "request_object_signing_alg": "PS256",
  "require_signed_request_object": true,
  "require_pushed_authorization_requests": false,
  "tls_client_certificate_bound_access_tokens": true,
  "client_id": "aCnBHjZBvD6ku3KVBaslL",
  "client_name": "Sample Fintech App",
  "client_uri": "https://www.sample-fintech-app.com/",
  "request_object_encryption_alg": "RSA-OAEP",
  "request_object_encryption_enc": "A256GCM",
  "jwks_uri": "https://keystore.directory.openbankingbrasil.org.br/b961c4eb-509d-4edf-afeb-35642b38185d/25556d5a-b9dd-4e27-aa1a-cce732fe74de/application.jwks",
  "redirect_uris": [
    "https://www.sample-fintech-app.com/app/"
  ],
  "webhook_uris": [
    "https://www.sample-fintech-app.com/app/webhooks/"
  ]
}
﻿
10
The Data Provider's authorisation server requests the key set from the Raidiam Connect's JWKS URI.
11
Raidiam Connect returns the key set.
12
The returned key set is used to validate the Software Statement Assertion provided by your client.
13
The DCR request is validated by the Data Provider's authorisation server.
14
The authorisation server returns the configuration of your dynamically registered client.
Discover Published APIs
Discover Data Provider's APIs in order to integrate with them. API discovery process can differ between Open Data Ecosystems where the Participants API﻿ returns a list of organisations and all their technical resoruces, and other ecosystems or federations where the data about an organisation can be accessed only through Connect's Data APIs.
Open Data Ecosystems
If your framework is an Open Data Ecosystem, client application's can utilize the Participants API﻿ to receive a JSON document containing a list of all participants and their technical resources, including the published APIs.
JSON
{
                "AuthorisationServerId": "c8f0bf49-4744-4933-8960-7add6e590841",
                "AutoRegistrationNotificationWebhook": null,
                "AutoRegistrationSupported": true,
                "CreatedAt": "2021-06-03T12:25:26Z",
                "CustomerFriendlyDescription": "Mock Bank by Raidiam",
                "CustomerFriendlyLogoUri": "https://cdn.raidiam.io/directory-ui/brand/obbrazil/0.2.0.112/favicon.svg",
                "CustomerFriendlyName": "Mock Bank",
                "DeprecatedDate": null,
                "DeveloperPortalUri": "https://mockbank.com/dev",
                "FederationEndpoint": null,
                "FederationId": null,
                "Issuer": "https://auth.mockbank.poc.raidiam.io",
                "NotificationWebhook": null,
                "NotificationWebhookAddedDate": null,
                "NotificationWebhookStatus": null,
                "OpenIDDiscoveryDocument": "https://auth.mockbank.poc.raidiam.io/.well-known/openid-configuration",
                "OrganisationId": "74e929d9-33b6-4d85-8ba7-c146c867a817",
                "ParentAuthorisationServerId": null,
                "PayloadSigningCertLocationUri": "https://mockbank.com/payload.pem",
                "RetirementDate": null,
                "SupersededByAuthorisationServerId": null,
                "SupportsCiba": false,
                "SupportsDCR": false,
                "SupportsRedirect": true,
                "TermsOfServiceUri": "https://mockbank.com/tos",
                "ApiResources": [
                    {
                        "ApiResourceId": "7aea412d-40e4-4f79-a9b2-84b18a699be6",
                        "ApiVersion": "1",
                        "FamilyComplete": false,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "consents",
                        "ApiDiscoveryEndpoints": []
                    },
                    {
                        "ApiResourceId": "441f5d3d-385e-4b06-8a34-5b7c4dfcb125",
                        "ApiVersion": "1",
                        "FamilyComplete": true,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "accounts",
                        "ApiDiscoveryEndpoints": [
                            {
                                "ApiDiscoveryId": "fb1a47cd-0620-4a91-b3a9-c5bffb38bd2d",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts"
                            },
                            {
                                "ApiDiscoveryId": "2191da36-e03c-4802-a44a-66a56a48516e",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}"
                            },
                            {
                                "ApiDiscoveryId": "1940e9f0-0aea-4164-8f02-f5a1bc72e87d",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "3f29155c-dad9-4818-87b6-059606157558",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/balances"
                            },
                            {
                                "ApiDiscoveryId": "636f8f95-f5f0-42c1-84d3-2c4d85ea7bc3",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/transactions-current"
                            },
                            {
                                "ApiDiscoveryId": "bb7f64f0-675d-4d23-a8c7-ffad45e7dbc0",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/overdraft-limits"
                            }
                        ]
                    },
                    {
                        "ApiResourceId": "c60a1787-20dd-4a0a-9a2d-3fcf4819ded8",
                        "ApiVersion": "1",
                        "FamilyComplete": true,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "credit-cards-accounts",
                        "ApiDiscoveryEndpoints": [
                            {
                                "ApiDiscoveryId": "0c0eb910-4fd4-4298-976d-0540e00833de",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts"
                            },
                            {
                                "ApiDiscoveryId": "58d0de32-a118-41a6-9fa1-b07fe3656bf7",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}"
                            },
                            {
                                "ApiDiscoveryId": "72afda1a-7955-4f2d-9bc6-4884d1adfc41",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/limits"
                            },
                            {
                                "ApiDiscoveryId": "5a321b7e-4ca3-4103-8ba1-d3fd416f1b76",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "f97d1ee9-696e-482d-b56e-2899fb464606",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/transactions-current"
                            },
                            {
                                "ApiDiscoveryId": "2e8bcf54-27ea-4e46-a49b-5215c5cf1a5c",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/bills/{billId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "7d7dd9ac-2a8f-40da-8b1f-624884a55f54",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/bills"
                            }
                        ]
                    }
]}
{
                "AuthorisationServerId": "c8f0bf49-4744-4933-8960-7add6e590841",
                "AutoRegistrationNotificationWebhook": null,
                "AutoRegistrationSupported": true,
                "CreatedAt": "2021-06-03T12:25:26Z",
                "CustomerFriendlyDescription": "Mock Bank by Raidiam",
                "CustomerFriendlyLogoUri": "https://cdn.raidiam.io/directory-ui/brand/obbrazil/0.2.0.112/favicon.svg",
                "CustomerFriendlyName": "Mock Bank",
                "DeprecatedDate": null,
                "DeveloperPortalUri": "https://mockbank.com/dev",
                "FederationEndpoint": null,
                "FederationId": null,
                "Issuer": "https://auth.mockbank.poc.raidiam.io",
                "NotificationWebhook": null,
                "NotificationWebhookAddedDate": null,
                "NotificationWebhookStatus": null,
                "OpenIDDiscoveryDocument": "https://auth.mockbank.poc.raidiam.io/.well-known/openid-configuration",
                "OrganisationId": "74e929d9-33b6-4d85-8ba7-c146c867a817",
                "ParentAuthorisationServerId": null,
                "PayloadSigningCertLocationUri": "https://mockbank.com/payload.pem",
                "RetirementDate": null,
                "SupersededByAuthorisationServerId": null,
                "SupportsCiba": false,
                "SupportsDCR": false,
                "SupportsRedirect": true,
                "TermsOfServiceUri": "https://mockbank.com/tos",
                "ApiResources": [
                    {
                        "ApiResourceId": "7aea412d-40e4-4f79-a9b2-84b18a699be6",
                        "ApiVersion": "1",
                        "FamilyComplete": false,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "consents",
                        "ApiDiscoveryEndpoints": []
                    },
                    {
                        "ApiResourceId": "441f5d3d-385e-4b06-8a34-5b7c4dfcb125",
                        "ApiVersion": "1",
                        "FamilyComplete": true,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "accounts",
                        "ApiDiscoveryEndpoints": [
                            {
                                "ApiDiscoveryId": "fb1a47cd-0620-4a91-b3a9-c5bffb38bd2d",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts"
                            },
                            {
                                "ApiDiscoveryId": "2191da36-e03c-4802-a44a-66a56a48516e",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}"
                            },
                            {
                                "ApiDiscoveryId": "1940e9f0-0aea-4164-8f02-f5a1bc72e87d",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "3f29155c-dad9-4818-87b6-059606157558",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/balances"
                            },
                            {
                                "ApiDiscoveryId": "636f8f95-f5f0-42c1-84d3-2c4d85ea7bc3",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/transactions-current"
                            },
                            {
                                "ApiDiscoveryId": "bb7f64f0-675d-4d23-a8c7-ffad45e7dbc0",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/accounts/v1/accounts/{accountId}/overdraft-limits"
                            }
                        ]
                    },
                    {
                        "ApiResourceId": "c60a1787-20dd-4a0a-9a2d-3fcf4819ded8",
                        "ApiVersion": "1",
                        "FamilyComplete": true,
                        "ApiCertificationUri": null,
                        "CertificationStatus": null,
                        "CertificationStartDate": null,
                        "CertificationExpirationDate": null,
                        "ApiFamilyType": "credit-cards-accounts",
                        "ApiDiscoveryEndpoints": [
                            {
                                "ApiDiscoveryId": "0c0eb910-4fd4-4298-976d-0540e00833de",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts"
                            },
                            {
                                "ApiDiscoveryId": "58d0de32-a118-41a6-9fa1-b07fe3656bf7",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}"
                            },
                            {
                                "ApiDiscoveryId": "72afda1a-7955-4f2d-9bc6-4884d1adfc41",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/limits"
                            },
                            {
                                "ApiDiscoveryId": "5a321b7e-4ca3-4103-8ba1-d3fd416f1b76",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "f97d1ee9-696e-482d-b56e-2899fb464606",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/transactions-current"
                            },
                            {
                                "ApiDiscoveryId": "2e8bcf54-27ea-4e46-a49b-5215c5cf1a5c",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/bills/{billId}/transactions"
                            },
                            {
                                "ApiDiscoveryId": "7d7dd9ac-2a8f-40da-8b1f-624884a55f54",
                                "ApiEndpoint": "https://matls-api.mockbank.poc.raidiam.io/open-banking/credit-cards-accounts/v1/accounts/{creditCardAccountId}/bills"
                            }
                        ]
                    }
]}
﻿
Within the JSON payload above, you can see the ApiResources object which is a list of all the APIs and their endpoints you can integrate with.
Other Ecosystems
In order to get information about the published APIs for an organisation, utilize the below Connect APIs. Since all APIs published within Connect are tied to an authorisation server, you need to first check all authorisation servers added for an organisation and then check the published APIs.
﻿Get All Organisations - lists all organisations the user is authorised to retrieve.
﻿Get All Authorisation Servers for Given Organisation - lists all authorisation servers registered within an organisation along with their configuration.
﻿Get Authorisation Server by Identifier - returns a selected authorisation server along with its configuration.
﻿Get All API Resources Published for Authorisation Server﻿
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs

tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Authorisation Servers
note over tpp, dapi: The request contains the received access token
dapi->>tpp: Authorisation Servers
sequenceDiagram
autonumber
participant tpp as Data Receiver (Client Application)
participant das as Raidiam Authorisation Server
participant dapi as Raidiam Connect's APIs

tpp->>das: /token
note over tpp,das: grant_type=client_credentials<br/>OAuth 2.0 tls_client_auth for authentication <br/> Scope: directory:software<br/>client_id=$client_id
das->>das: Validate Certificate
das->>tpp: Access Token
tpp->>dapi: Retrieve Authorisation Servers
note over tpp, dapi: The request contains the received access token
dapi->>tpp: Authorisation Servers
﻿
1
﻿Get an Access Token - (Read Only)﻿.
Use the OAuth Client Credentials flow as the grant type and tls_client_auth as client authentication method.
Request the directory:software access token scope.
2
Raidiam Connect's Authorisation Server validates the certificate as part of the tls_client_auth client authentication process.
3
If validation is successful, the server returns an access token you can use to call Raidiam's APIs and retrieve information about the authorisation servers and their configuration.
4
Retrieve authorisation servers using one of the APIs listed above.
Include the access token you got in the step #1 to authenticate your client application's request.
5
Retrieve a list of all API resources published for an authorisation server once you have its authorisation server identifier.
Integrate with Data Provider's APIs
Utilize OAuth and any OAuth library you want to integrate with the Data Provider's APIs.
Depending on your needs and the Data Provider's Authorisation Server﻿ configuration, you need to utilize OAuth & OIDC grant types (flows) to get an access token -- a proof your application is what it states it is. You can check which grant types are allowed by checking the server's OIDC Discovery endpoint (/.well-known). To check where to get the endpoint's URL, go back to the Find Data Providers and Authorisation Servers﻿ section. Allowed grant types may include but are not limited to:
Authorization Code Flow - for scenarios where there is a user that needs to be authenticated and provide their consent for third-party access to their resources.
Client Credentials Flow - for machine-to-machine scenarios.
And more...
Establish Secure Connection
While accesing any of the Data Provider's APIs, utilize a transport certificate for establishing a secure connection using mTLS. To see how to get one, go back to the Request Transport Certificate﻿ section.
Using your transport certificate naturally implies the authorisation server will use theirs as well to establish a secure connection. Learn how to validate certificates﻿ for production scenarios.
Authenticate at Data Provider's Authorisation Server
To access non-public APIs published by any Data Provider, you need to authenticate your client application at the Data Provider's Authorisation Server﻿.
Depending on the server's and your client application configuration, it happens using:
﻿tls_client_auth client authentication
private_key_jwt client authentication (described in RFC7521 Assertion Framework specification and RFC7523 JWT Profile for Client Authentication specification)
Using the authorisation servers OIDC Discovery endpoint (/.well-known) get the  /token endpoint URL. Once you have this, request security tokens you need (access tokens, refresh tokens, or ID tokens).
Next Steps
﻿Manage Organisation﻿﻿
﻿Manage Applications﻿﻿
﻿Manage Certificates﻿﻿
﻿
﻿
﻿
﻿
﻿
Field name	Required	Field description	Example
Client Name	Yes	It is recommended to use the brand name that the customers are familiar with. This is the name of your software application a user sees while providing their consent to share data.	Raidiam
Client URI	Yes	Website or root URI from the resource.	https://raidiam.com/info.html
Policy URI	Yes	Must be a defined text sequence that represents a single unique policy URI.	https://raidiam.com/policy.html
Logo URI	Yes	Brand logo URI	https://raidiam.com/logo.svg
Terms of service URI	No	Must be a text string that represents the unique URI for ToS	https://raidiam.com/tos.html
Application and Technical Redirects	Yes	Must be a text string that represents an unique URI for application and redirects. This is the URI where the user is redirected back after they provide their consent. You can provide one or more URIs that will be registered at the authorisation server.	https://raidiam.com/cb1 https://raidiam.com/cb2
Description	No	A text description of your application.	Raidiam your service solution
Version	Yes	Version of your application. Must be defined by a numeric value, an integer, or a floating point number.	1.2
Provide Data
Concept Guides
Receive Data

Prerequisites

Add Application

Select Roles

Request Transport Certificate

Find Data Providers and Authorisation Servers

Open Data Ecosystems

Other Ecosystems

Register Client Application at Authorisation Server

OpenID Federation and Raidiam's Simple Registration Endpoint

Register Application Using OAuth DCR

Discover Published APIs

Open Data Ecosystems

Other Ecosystems

Integrate with Data Provider's APIs

Establish Secure Connection

Authenticate at Data Provider's Authorisation Server

Next Steps

﻿

﻿
