OAuth2 authorization code flow: Internal users

Within the context of system API authentication, an internal user is a person who is listed as a user in the PolicyCenter database. For example, Alice Applegate, a PolicyCenter underwriter, is an internal user. Internal users can use a caller application and trigger system API calls from that application. For example, suppose there is a location photography portal that contains pictures of covered buildings taken by a third-party field agent. An underwriter reviews and selects pictures to be saved to PolicyCenter. This action triggers a system API call by an internal user from a caller application.

This topic describes how to implement system API authentication for internal users using bearer token authentication. (For information on how to implement authentication for internal users using basic authentication, see Basic authentication.)