Choosing an authentication flow

Endpoints within Cloud API must control access to the data and actions within PolicyCenter. When a caller tries to access data or execute an action, the caller must be authenticated and authorized. Authentication is the process of verifying that the caller is who they claim to be. Authorization is the process of determining what operations and data the caller is allowed to access. These two processes are often referred to collectively as "auth".

The following topics provide an overview of the different aspects an insurer must consider when planning an authentication approach. This includes:

  • The different types of callers that Cloud API supports
  • The different applications involved with Cloud API authentication
  • The types of access enforced by Cloud API
  • The supported authentication methods

The section concludes with a topic that can help insurers determine which authentication flows are most appropriate for a given caller application.