Cloud API Authentication Guide
Choosing an authentication flow
Overview of authentication
Types of callers
Authentication architecture
Types of access
Authentication methods
Authentication failure error messages
List of developer tasks
Selecting an authentication flow
Auth flows to choose from
Detailed discussion of issues to consider
Which OAuth flow must the caller application use?
Which user is attached to the session?
Where do authorization values come from?
Who enforces resource access?
What values are used as resource access IDs?
Summary of the issues to consider
Additional auth flows
Authentication flows in detail
Basic authentication
Overview of basic authentication
Credentials
Authorization
Request headers
Example flow for basic authentication
Implementation checklist for basic authentication
Sending authenticated calls with basic authentication
Send a Postman call with basic authentication
OAuth2 authorization code flow: Internal users
Overview of authentication for internal users
Credentials
Authorization
JWTs for internal users
Logging
Example flow for internal users
Implementation checklist for internal users
Sending authenticated calls for internal users
OAuth2 authorization code flow: External users
Overview of authentication for external users
Credentials
Authorization
JWTs for external users
Logging
Example flow for external users
Implementation checklist for external users
Sending authenticated calls for external users
OAuth2 authorization code flow: Anonymous users
Overview of authentication for anonymous users
Credentials
Authorization
JWTs for anonymous users
Example flow for anonymous users
Implementation checklist for anonymous users
Creating an account as an unauthenticated user
Sending calls as an anonymous user
OAuth2 client credential flow: Standalone services
Authentication options for services
Overview of authentication for standalone services
Credentials
Authorization
JWTs for standalone services
Logging
Example flow for standalone services
Implementation checklist for standalone services
Sending authenticated calls for standalone services
OAuth2 client credential flow: Services with user context
Authentication options for services
Overview of authentication for services with user context
Credentials
Authorization
JWTs for services with user context
Logging
Example flow for services with user context
Implementation checklist for services with user context
Sending authenticated calls for services with user context
OAuth2 client credential flow: Services with service account mapping
Authentication options for services
Overview of authentication for services with service account mapping
Credentials
Authorization
JWTs for services with service account mapping
Mapping services to service accounts
Logging
Example flow for services with service account mapping
Implementation checklist for services with service account mapping
Sending authenticated calls for services with service account mapping
Unauthenticated callers
Overview of authentication for unauthenticated callers
Credentials
Authorization
JWTs for unauthenticated callers
Logging
Example flow for unauthenticated callers
Implementation checklist for unauthenticated callers
Implementing authentication
Enabling bearer token authentication
Registering PolicyCenter with Guidewire Hub
Enabling asymmetric encryption
Enable asymmetric encryption
Specifying deployment information
Configuring the IdP
Configure the IdP for bearer token authentication
Registering the caller application with Guidewire Hub
Register an application with Guidewire Hub
Endpoint access
API role files
API role names
API role endpoints
API role accessible fields
API role example
Assigning API roles to callers
Assigning API roles to internal users
Assigning API roles to external users and services
Assigning API roles to other types of callers
Reserved roles
Designing API role files
Configuring API roles
Create an API role file
Modify an API role file
API roles and localization
Resource access
Resource access strategies
Resource access files
Permissions and filters
Resource permissions
Resource filters
Configuring resource access
Proxy user access
Proxy users
When is proxy user information used?
Configuring proxy users
Create a new proxy user
Security levels
ContactManager authentication
Supported caller types
Resource access for ContactManager
Tag-based access to contacts