search

Delegation

circle-info

This page must be considered part of the iSHARE Framework

This page is considered normative and is therefore compliant with RFC 2119.

hashtag
Obtains delegation evidence

post

Used to obtain delegation evidence from an Authorization Registry. The response is a signed JSON Web Token. Please refer to the models 'jwtHeader' and 'jwtPayloadDelegationEvidenceToken' which indicate what the decoded response will look like.

Authorizations
AuthorizationstringRequired

OAuth 2.0 authorization based on bearer token. MUST contain “Bearer “ + access token value. Must be provided if restricted endpoints are needed.

Body

The model used for request body in /delegation endpoint, for obtaining delegation evidence.

Responses
chevron-right
200Success
application/json
delegationTokenstring · application/jwtOptionalExample: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlHbERDQ0JIeWdBd0lCQWdJVWJsT1hOMmpiamVSaWJUcnoxN3FzTWd1Tlk4MHdEUVlKS29aSWh2Y05BUUVMQlFBd1hURWVNQndHQTFVRUF3d1ZaVWxFUVZObFUwVkJURTlKUkY5SmMzTkRRVWMwTVJrd0Z3WURWUVJoRXhCT1ZGSk9UQzFwVTBoQlVrVlVSVk5VTVJNd0VRWURWUVFLRXdwcFUwaEJVa1ZVWlhOME1Rc3dDUVlEVlFRR0V3SllXREFlRncweU5ERXhNRFl4TkRNME16SmFGdzB5TnpFeE1EWXhORE0wTXpGYU1ISXhDekFKQmdOVkJBWVRBazVNTVNRd0lnWURWUVFLREJ0VVpYTjBJRUYxZEdodmNtbHpZWFJwYjI0Z1VtVm5hWE4wY25reEpEQWlCZ05WQkFNTUcxUmxjM1FnUVhWMGFHOXlhWE5oZEdsdmJpQlNaV2RwYzNSeWVURVhNQlVHQTFVRVlRd09UbFJTVGt3dE1UQXdNREF3TURRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM4VndPQzIvWXVCNVpXeE5YMzNUYW55WFF6dEUzWWU3TjN0bTZsVGJ1OXEzbDlMYkNJeTlGelZvNHVWTjI1YnpKVDg2MlpQWXp4MFNrVVhvUkVUMFF0MnNMRFpZZ05SdjN0SDFuSkRFM0FKUlM4RUtDVlZ4Rllvc0tiQ2gzNDhadGRwd0tMVUtzUnE1M1VJcTBIaHF1bUptdHhVY2NUYk1OMXYwY1RXaDdXMVdBaVlRY0lqWmQwY0pweFBOYVRmVk5Ha093aHcyRDJTZlA4S0dlL1NicVBxVVUwVjNNNUJlWlRKS21HZDhJUzFlRUk1ZmRrK0ZhUGhRL2ZjbC9NaHRobzhXclJNVW1tNWw2Q21tMkkrbHVxVThSbkVQVjFYUlpJUFlzcmlJc1ZyaUFyb2FjNTdYaTB2SHh3bGUwK2JPdzJWZkpMUmgwM2l3NGFEMTVHKzYxVkFnTUJBQUdqZ2dJMU1JSUNNVEFPQmdOVkhROEJBZjhFQkFNQ0JrQXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCU3pHazlDUU9uWWVKMXIvL3drc0JDeE5EendpVEJYQmdnckJnRUZCUWNCQVFSTE1Fa3dSd1lJS3dZQkJRVUhNQUdHTzJoMGRIQnpPaTh2WTJFM0xtbHphR0Z5WlhSbGMzUXVibVYwT2pnME5ESXZaV3BpWTJFdmNIVmliR2xqZDJWaUwzTjBZWFIxY3k5dlkzTndNQkFHQTFVZElBUUpNQWN3QlFZRFZSMGdNQjhHQTFVZEpRUVlNQllHQ0NzR0FRVUZCd01FQmdvckJnRUVBWUkzQ2dNTU1Gc0dDQ3NHQVFVRkJ3RURCRTh3VFRBVEJnWUVBSTVHQVFZd0NRWUhCQUNPUmdFR0FqQTJCZ2dyQmdFRkJRY0JBd3dxVkdocGN5QnBjeUIwWlhOMElHVnpaV0ZzSUdObGNuUnBabWxqWVhSbElHWnZjaUIwWlhOMGFXNW5NQjRHQldlQkRBTUJCQlV3RXhNRFRsUlNFd0pPVEF3SU1UQXdNREF3TURRd2djY0dBMVVkSHdTQnZ6Q0J2RENCdWFDQnRxQ0JzNGFCc0doMGRIQnpPaTh2WTJFM0xtbHphR0Z5WlhSbGMzUXVibVYwT2pnME5ESXZaV3BpWTJFdmNIVmliR2xqZDJWaUwzZGxZbVJwYzNRdlkyVnlkR1JwYzNRL1kyMWtQV055YkNacGMzTjFaWEk5UTA0bE0wUmxTVVJCVTJWVFJVRk1UMGxFWDBsemMwTkJSelFsTWtOdmNtZGhibWw2WVhScGIyNUpaR1Z1ZEdsbWFXVnlKVE5FVGxSU1Rrd3RhVk5JUVZKRlZFVlRWQ1V5UTA4bE0wUnBVMGhCVWtWVVpYTjBKVEpEUXlVelJGaFlNQjBHQTFVZERnUVdCQlJBdHJ4TFpQQ2JCbnlQYy9ualdYYk9zQy95Q1RBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVJzTktsVFBnVWRNTGZMU1V3b2ZuKzNSZmM2amVIR2d6bCtxQ29MMlRkbmxOOWZFdHY1TlMweFZyL2x5Ykx1MDFQdUk0Mmd4bmgvZ1BLUDA2ZlV1VXI1WVpySzVNeHczUUhZdzhpdlNDcndvcE1zSUhob1FjN0g2MUtZNlV1WlFJVXRCUitHdmVBVUx4NC9Vd2pKY0MrdTM3aWd3akZ6QkVneUQ1dzJGNHViajh5N0hlNEthVGhBM2xOVmkwVXprdDhUb1NBNnBoSTA2eTMwREYyUGN3UkloT1NkT1NSMzJZVTZxVXgxSXJnRU13K3VYa3NMYmt4eU0rdjQxek9jMkh5alpXZGpJTFZLbDBQYnhXcE9DYmdndm4wdDE0anhzaVVoekRFcHd1RVNFZHJhUnBoaVVrWlMrbHdqeEhEengyRlhVKys0d053ak9yUldhdXlkSHlsaGZtMlMvMWFwTmlvUk0zcXZscXVrUWEyVzhqZWRYR2Y5d0tEcDZBc2VBK3RlNWJVb1VRUGZTYnNzYWFHMllucWRjNTFDbk1WZldmemlZWTJ3RWpKVHpwZ004SXRmRDlrV1VXbWwxYi9wODhiQ3RTZFZLbHFKRUlXazdvK1V5QTZCUFBIVUhsUkRRNlU5aGlCM3dGeHQ3K3FPNXFDd2hPN0xkSmkzNEZtUEE4WHhOdHZCMjB6dFlveS9PcXlDanVUbUxQU0p6Yk9BcVlPSzl0TmozSU5aMWUvZjdYV2Q0ME9JVnRXeFYzdEM4ZUQ4TS9zV0k3ZUt2ajhET0JWcDBjMkNBL1E2ekVRSzNTNWM5U1ZuVGZLQzQ1RFhWaU8zYTV2cGhHakNlSG5EWWN4SmpHTzZ3d0szR1hmNHVGeVZzRjducGVoN1N2NnR4UDE5QjBnWHprWWdFPSIsIk1JSUYyakNDQThLZ0F3SUJBZ0lVUEczK1RBbnhWT0JjZTlOYVB0OXBUQWdtNVI0d0RRWUpLb1pJaHZjTkFRRUxCUUF3UWpFZU1Cd0dBMVVFQXd3VlpVbEVRVk5sVTBWQlRFOUpSRjlUZFdKRFFVY3pNUk13RVFZRFZRUUtFd3BwVTBoQlVrVlVaWE4wTVFzd0NRWURWUVFHRXdKWVdEQWVGdzB5TXpBNE1qVXdPVEF4TXpKYUZ3MDBPREE0TWpVd09UQXdNRFZhTUYweEhqQWNCZ05WQkFNTUZXVkpSRUZUWlZORlFVeFBTVVJmU1hOelEwRkhOREVaTUJjR0ExVUVZUk1RVGxSU1Rrd3RhVk5JUVZKRlZFVlRWREVUTUJFR0ExVUVDaE1LYVZOSVFWSkZWR1Z6ZERFTE1Ba0dBMVVFQmhNQ1dGZ3dnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEYW5VZ00xL1BReVhOVFgrVU9MR3JaalM4SGFUV1IvUDR4RDhTTUNSeE9YSEt6SExRcUVRT3VIRC93K3J4OS9iRXd6SDR3VmZKMG02L3I1NktPZzB3TFVsVndPeWlrT1hHb0lURDJ1K1VpOXQyNHRZSWt4OHpqTEc3VkhWY3c0ZFhPdDkyc3ZLWTFMeWJ2bHByb1d6VEhsUndvSU8xWVE0aE8rcnlic3cvS0VERVhVYmtvd2psSEFQY3duc09XNjQzNjdFTitlelQxc1M4ZHpGSXhtRzhxQzJMck0yc1hKV3FxNXZKZUUvODZUZloyTk1PK0NVeGtqajd1UGdiVzJWL01PVWhZeUF0R0FqemQvS3dPckxNUk1ZYVhPSWo2MW04UjcxbmgvTFY5bjhkbmowd1RRT05USGh1TTdtZFpReGhxT2RrTDJja1NyQldpM2F0RVZUMU9oQlJYNEZtbWhJaG1TV3VDdGd5S2lEQ0lvdHlHQXNYMm82ODE3ZmVlNFJkdHdmdzlRNG9OM05BaHRvZDYwaU9BV0FwVnQrQlQ1dHZkZ0dPWVdQY2JNUjVwR3picDM4ZEdVeXV3WVpWNExBbklHU201eWF1Y05FMkUyeHJRQ2JFZVptNFJQc3g1SmxlV3ppcGsrNDJkN3ZxdldEODhJUWNRK2JaTTJYNHJKQlpOczE2NkNseCttNkhtS3hLQUxlYlV0anN6c2d5SDhjcTEwZCtrNEFvOG9DYU9ZanYySWFFYk1kK2ZWL1VmOGtQa3pUdEtsdHRkcWlpeG9JcXljWE1FZ0JhU2drdWI3WG9RNksyNnRSUEowdzVRa3V1aDNNS3RHRVdmVzdFRUdtcG5DcWpPdjYvckFNSmlNV3loMUlnTGdOQlVQUDd6YVZQcERBdEM4OE9TSlFJREFRQUJvNEdzTUlHcE1CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRRXdId1lEVlIwakJCZ3dGb0FVNHViWDBwNkRWak45REt0T1dXTVlBcytIeGRRd0dBWURWUjBnQkJFd0R6QUZCZ05WSFNBd0JnWUVWUjBnQURBcEJnTlZIU1VFSWpBZ0JnZ3JCZ0VGQlFjREFnWUlLd1lCQlFVSEF3UUdDaXNHQVFRQmdqY0tBd3d3SFFZRFZSME9CQllFRkxNYVQwSkE2ZGg0bld2Ly9DU3dFTEUwUFBDSk1BNEdBMVVkRHdFQi93UUVBd0lCQmpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVp2NUd1a3gwUEV2VlJFSXQ4TVRhUGZDSDRhd3lpaVl5aTE3aDZSNUxMazFyZXJ3UXNTU1NIZlZxZnRkd1JGMG9jTHAyUFhKaGUwNzVxVjQwNkMwNENqYW1OazNlejlaaU5IQ05qUHRmaWQ2b094cXoxWGs4WFBqTllFbGJBRm1QN2VLbC80NDF2WmhHdWsvUmhYR054UWJ0bzBRMTZnOElSY0dEdldnTmh0cnRCMUcyeFNtdEIxUzJ1VXBTYWlaVk5PcmtkelRoaUVKc2VVUkJvWHhVWElxcEx5UFRSbDZNTWdWYUxHUllSYzN2WWlqNEI3TTJoQk43L2NqbkdMc01WdGdiT3Y2Q1YyMWcyU1hvd2JnT3F6QnlINTFVVFI2T2JIaUdqMGtTQ0FMRzE0SVFQa3pRUGlTcGp1Kys5TTJqQWpQTTNvNDIxWk9VRE1QMjQ2Q3NxUFhyVEFiUFhKVlVSL2dpNHU1M2ttekMyMTBqdlZxOWhId2VseFFPVFBGaGxNNkUxQ2g0SmI0UFFSTEtEUEZsKzVOVzRGeTJKQURqeXVweVZIbmNkTEV1UHkwUGdDTDJZbzE0N0hTcFBqNHU3amMxUm1IVTdOTzEyRVYyWkNNZkZsUndkR3Y2aWY4cU83cy82bHBaSmpwUHRMRU9iQTV0RDRhaGMrYVBOQWk5V0NrMHBlUm0xS0U1VkdEV0tGTlNOQWlMSk56UDdtMlE2eThmT3kzOGNOZ0ZCaEdPRi9LZ0VJc1QxMFYrNUs1byt5bFZWdFBWZVJSRU5FdktPOUVMa3plMElIZ3NUQi82Y3dPaWo0cHhNOUp2YXVqMDZHZ2xoSWhpSUE2cTBpRFVxQjFNVVIwSHppWTlCc25XWTlrUjhod1YzT1crbnNtenRRd0dWRXcya2pVPSIsIk1JSUZqakNDQTNhZ0F3SUJBZ0lVRmo5LzNqR09SaHRJcFo5OE9MUnRSSHMwQVlzd0RRWUpLb1pJaHZjTkFRRUxCUUF3UVRFZE1Cc0dBMVVFQXd3VVpVbEVRVk5sVTBWQlRFOUpSRjlTYjI5MFJ6SXhFekFSQmdOVkJBb1RDbWxUU0VGU1JWUmxjM1F4Q3pBSkJnTlZCQVlUQWxoWU1CNFhEVEl6TURneU5UQTVNREEwTkZvWERUUTRNRGd5TlRBNU1EQXdOVm93UWpFZU1Cd0dBMVVFQXd3VlpVbEVRVk5sVTBWQlRFOUpSRjlUZFdKRFFVY3pNUk13RVFZRFZRUUtFd3BwVTBoQlVrVlVaWE4wTVFzd0NRWURWUVFHRXdKWVdEQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUw3bnpreW9GWFdnMWdoZEc2Zm51enV2QWRNV3NtL0krbVgzRGJ6M0kvS3lxTGRXdDdYRzNPV1ZTbmhvc0FEMlcyU1hubEdYcXh5ZTBoUHRFZ2tRSWRlbDdGbkZvc1dXcnNFT3JhdGdYbG5NNE5XcFlES01XRVZZcm83aHpIZ0NaMTI2WlBRVUxsczUyTmN2cFJNOFMzZFprK1hLMWtmM1ZlUzBKMmhVU0ZFQVpITHlYQ1hraFRuVUk3cW8xdXIxVG1EV1lzTlF3eERHT3U3Q1F5WllkS0l3S3FJOWVHc1JMZ002UFFsZzN2WkNyb3BPb2RNN2xvVHVpckNsM1VLdzRIckdrMmNPaUFmNElkLy9lYVZDYWZ3a2pLc0pUUXVBYWh1Uno0cU1zSFlBM2tEUXorMCtoZ25SNzRyK2lMcis4bHIwNDRnbG5hV0lXdnJFR2NpUlIrUGVjdGZyTE9RUUlXN2hhMTNkeldvemtUMGFnblQxTGsvQ0dyZ05YVnFob3NHQzBydUFRUEk2RGNQTnkySU5NOUpndENtQnNTak1NMTg1RklCWDRDeTE3bTczaDlyS2pYWk14YjZUeFg3Q0laeWVzZ0FTMGJCUmI2eElwS3NacmxyakVhenNqQzJWSFJSV09NSldZcWNYTEQ1Wk56R01aVXI2VHQyeUNVQXRhbWVjREFUS042L0dic3hlMHRBQk4wcGswcng1aWMrNFRYZEJyb045T0FaY2hINHRKQ3NPQ0tvbkN6QXBQeFZUaEROTXhzb295RnE5RG1nWGh5RVVPT29lUytGcjRGZ0gralNBTm0vbDE3OEpoOWVwZlhROWdFLzZhcVB4WWpOU0JnUzYwUzFFVnFDcHh3MnJUMW1VWWVHZndpYlZtNTNpeEdwdFI4a3RlNzBuQWdNQkFBR2pmVEI3TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVTJMdWJOUzFiUCsvaGE4dk1ETStpTHJwcGVvd3dHQVlEVlIwZ0JCRXdEekFGQmdOVkhTQXdCZ1lFVlIwZ0FEQWRCZ05WSFE0RUZnUVU0dWJYMHA2RFZqTjlES3RPV1dNWUFzK0h4ZFF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUI4anFZVXc3VHYrVzRaSDA2UHJhRjZ6ZmRDeFQwM0RoUkNodzRaL1FtMFhWUzJnUnlSd2NNcHRRRkVSaFBOT0EyMjF1OUxxb3paMWFLM0IzNXdrY0dEL2RGSmdKQ0pCOTZTTXR0UWwySHAvRWlRejlQRkYwMmRCU3J1WGhJYXJhUGJNK05JR2RteU4yWnl3R0dYSTFhVTdKRDNYRzI5U2gyQUFkT2t2OGRJNmdFZ3p0L0RIU0lJYmFrYmFMZEVJYzdXQjk1R1VIY0huTmo1OFR6VFN5VmZCbXRiM3ZCSzlKRzBJbzZOQVBXUVl4MlZQOCtmSXlsamEyZDEyOGhnaDBkc0RyWEZBTSs5QVg4aGFlNXZ2eFZpOFRXcy96MmluZytrK2ltbXRTTmZ6ektNaU83cjV3SkFreWp3dFVCbEJTdEtJQTZaZXIyMnBtU1RaWmV1Y0hkRVRoYWJjV1FpZFZabU1QM0lmNml4NVVleVg4VjZPQXcwZ3NJM0lVYjkxUTc2ZDRzTFdiem9HTk9OQVlGQzFJeXoweFdqNDdaZDZQN1oyR2ZoMVZpSWJNeFZpRkRsTm1iRVpmbHBFUzg3Sy95aEJVUS90bkNOR1FvU2R0c3V5dVdnM05mV2J5Sm9OWnpsVTk2Sld4Y3FTYVhrenNlOWo4d2FoYXlLTk02U1dLU1kxWjA1aDhKU2NPQ21GQjVGOFYzYmQ1blAvdUtqYTdIOE80R09BQVBNM090RytlcTM3eFcveE4wb0FzamJ2dDRvam5VYkpzMmtpQXhFZHdYeDBLN21jUGVTN3pXbVZ0OGg0UmRjRG0vUEdURGE5bThPcWhRdWNrODBRbnV4SVVXVnI3R1dhZGgxTHkvdGwwK2J2bWtjbk8yeWJSSitnYnFSRUhEVGUwc3hzdz09IiwiTUlJRmN6Q0NBMXVnQXdJQkFnSVVDdmZTdlFlcmpGRG1NMkx2bWpvVERPSW5MQXd3RFFZSktvWklodmNOQVFFTEJRQXdRVEVkTUJzR0ExVUVBd3dVWlVsRVFWTmxVMFZCVEU5SlJGOVNiMjkwUnpJeEV6QVJCZ05WQkFvVENtbFRTRUZTUlZSbGMzUXhDekFKQmdOVkJBWVRBbGhZTUI0WERUSXpNRGd5TlRBNU1EQXdObG9YRFRRNE1EZ3lOVEE1TURBd05Wb3dRVEVkTUJzR0ExVUVBd3dVWlVsRVFWTmxVMFZCVEU5SlJGOVNiMjkwUnpJeEV6QVJCZ05WQkFvVENtbFRTRUZTUlZSbGMzUXhDekFKQmdOVkJBWVRBbGhZTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF4Vk1LSTlSTWhuT1NBMkxvcmdFQzNZRE5kMml0bjcyTE9kZlJSVXU0NWZHNzBJZXYrRTRrUnJ6SjFrMjNXWEg1c0hUYmNzbHBFVGVBWm5qMC94S0JZZEVMdXdlNkhYOGtJd2QxczZXR2xaYzBsN2tpMWZtajRIcVNzdEdKL0JLR2oxYTcyMzZXd1BKRVdFSHFmeDlRTUVldUpLbFVTVkZGeUU0ak1zZllwODdpZklwdXdFOG9MT3c0eWtERE9QNTJUZDA2dkhDSVlycURCcnZ4RmRBdUVuRnhOeGxQWFJFNGdMc3lnZzYySE94T3VHbWhXZnN5NlRjY0lwNVhJT2RqMkN6ZW9YSjgybTUvaW1CUEp2a2VmbnJqRVFYemlTRTJtaTJJQkR0R1AvQXdGV0k3V3BzRXlEWFdJbU1TUjBUM0N1RG1rZVExNHBObWNxTXAvYnFYM2kxYWV0YWRGVFdzdWhsMG5IMmlScUtaREp4WmxTY3U5OXRvcTVHcmRjRlVjeEdSUXlsK3NGaFVoM1hjQldKVjdZMnduRkwydFk3dGh0UThaUG16VE84a1BLQ2JFbDVVNmdDU0lrcFJQTlpCUEc0ZFQwcXUrOEJkNzFQdTduQXkxaUI0VTZ5czM0Y0ZsT2xKcEdNMEZHcjM1TGVmYlBSOGJnejZNOVhOalJiZ01EUWNYRE1uZmlESjdFODFvVkJwQ1hOOXlkSGkxYmxoYWt1RUJhb2E5TS9rYXppcEdQbUF1eHJXQk1tcDJxMHd6UXA5R1MyZThrZUpJRHdKdXl6RUxhUlpDNHlqVnNWWlFNSy8vRCs0SjNib1U1ZHJDbW1tNkMxcndOUmZTWnVGR05jSVlEWmVIdGVHb0NGNEVBNWpjZ2RGYUlZckRlajZWQWFiNDJ2TjVMVUNBd0VBQWFOak1HRXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWZCZ05WSFNNRUdEQVdnQlRZdTVzMUxWcy83K0ZyeTh3TXo2SXV1bWw2akRBZEJnTlZIUTRFRmdRVTJMdWJOUzFiUCsvaGE4dk1ETStpTHJwcGVvd3dEZ1lEVlIwUEFRSC9CQVFEQWdFR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQmJjSHlWMmI1bUd3SFd4Q1NiRHdyNVY3UGdTWklKYTFzY3JDbklIRDNaL3l4RzdYcDVjSWxCajRNeTRsUkhqWnRKVnZVZlRqRnBzRURFdi9QQXE3NE9Jb2xOL2tQZE1mVGN6RkJHcHZzWnIweDJ5VVBFSnpRc1RTTHgwZ3daK3d2b0tIV0UwQzdHcWdrQUJOckZXOEZMcVJ6TnFYc21NNW9JNGMzVjVzeXh3QllGRFVZNU1QV2RxSkVEZlJ2ampKUENYbUtPUDFsTytpK0UwN3ZzRnBEekhTMkZLQjVjNnNUSVprdnQrSC9DRzRoVnU2WnZjRlhYenYySksvRW9WWjZ3VWRDbHQ0cExnVFFaL1cwcVFDSjNHakZlL1BaNzRtY2tXMXgvems5ejBWUWpVcFRxejNBalBMSWpqNjBuTUxUTHA1MG9GY01ManVYc3MwdnY0dFVqQ1RwczJRZzluMEd3TGxEUjQyTnl3MlRLY01NQjZ5Y0VvTmlVRXUwbGdhMUpNMFNWU3NGUDdHU1UvVzlWcWF0Szd4cC9YVzkvR0R2Z3AzWi9wUE0wRTNpMXRxcC9uT1U0M1lvZjhXaTRKSjZ6T2dYQnpxUXhPNk1JTFpKNHFFZmVuQXRJN285NVR5NXlrOXZSYm9Vc3R5d3NmQzZDVnN1MDhOTC90dHc0T1NYT3Zia1ErN3pNeENZVDlZeVFENWwvbHRDM2JnZGovbEJaem5zQnVHWU5PQjE2d0ROY0dwdXVhZWtzZlFmQkRQSFQrdlI2Z1BWRlpweVZ3eS90ekg2TlRwVUdEam9IVnNDeFVqWTg3ME9NNEQySmNqOU9JcXFkbGtDb1dPNmk0VmVjN3NUenhpWDM5b05TcjFHN0NvYmMzc1lkaG54Zy92bGcxQmVDSjg3cDBBPT0iXX0.eyJpc3MiOiJkaWQ6aXNoYXJlOkVVLk5MLk5UUk5MLTEwMDAwMDA0Iiwic3ViIjoiZGlkOmlzaGFyZTpFVS5OTC5OVFJOTC0xMDAwMDAwNCIsImp0aSI6IjdmYTFlYzM5YmFjMzRmZmZhMmNhNDgyMDFlNDhmMDNhIiwiaWF0IjoxNzExNDY2OTg1LCJleHAiOjE3MTE0NjcwMTUsImF1ZCI6ImRpZDppc2hhcmU6RVUuTkwuTlRSTkwtMTAwMDAwMDEiLCJkZWxlZ2F0aW9uRXZpZGVuY2UiOnsibm90QmVmb3JlIjoxNTQxMDU4OTM5LCJub3RPbk9yQWZ0ZXIiOjIxNDc0ODM2NDcsInBvbGljeUlzc3VlciI6ImRpZDppc2hhcmU6RVUuTkwuTlRSTkwtMTAwMDAwMDUiLCJ0YXJnZXQiOnsiYWNjZXNzU3ViamVjdCI6ImRpZDppc2hhcmU6RVUuTkwuTlRSTkwtMTAwMDAwMDEifSwicG9saWN5U2V0cyI6W3sibWF4RGVsZWdhdGlvbkRlcHRoIjowLCJ0YXJnZXQiOnsiZW52aXJvbm1lbnQiOnsibGljZW5zZXMiOlsiSVNIQVJFLjAwMDEiXX19LCJwb2xpY2llcyI6W3sidGFyZ2V0Ijp7InJlc291cmNlIjp7InR5cGUiOiJHUzEuQ09OVEFJTkVSIiwiaWRlbnRpZmllcnMiOlsiMTgwNjIxLkFCQzEyMzQiXSwiYXR0cmlidXRlcyI6WyJHUzEuQ09OVEFJTkVSLkFUVFJJQlVURS5FVEEiXX0sImVudmlyb25tZW50Ijp7InNlcnZpY2VQcm92aWRlcnMiOlsiZGlkOmlzaGFyZTpFVS5OTC5OVFJOTC0xMDAwMDAwMyJdfSwiYWN0aW9ucyI6WyJJU0hBUkUuUkVBRCJdfSwicnVsZXMiOlt7ImVmZmVjdCI6IlBlcm1pdCJ9XX1dfV19fQ.dNiITX_uHj3CJagOm54W-_MD2PXIsh1snviAtuoRbc7a7nRkQXZShJJDpldpyQOugsqFFhgLedUXM5z8kST0-5a9BNaaxrW5KAZNqyXtDgudRgB8T2vrohcmgLin39pgvD1gydoHHIXolJxPHCOYdxAamMD-8umvTzCFogjdwFaB9RMVWUHMbDuAZGYup-lSewuIK2pkwKJZft5ZRWxfignBBt2mauB4wot5Z92VLPReNA8EH0R9C_GkykP6pRCu2Km7La3c116WNP0szN02l8P87rqVNwDsjLpzhpH1cs17shDvbis8DbKb3KsHnq_LALAG9nx4GOFrupxuAadhGw
post
/delegation
200Success

hashtag
Request model

hashtag
Headers

  • Authorization String. OAuth 2.0 authorisation based on a bearer token. MUST contain “Bearer “ + access token value. How to retrieve the access token can be found in the Access Token Endpoint section.

  • Content-Type String. Defines the request body content type. MUST be equal to application/json.

hashtag
Parameters

The body of the request MUST contain a JSON with the following structure.

  • delegationRequest Object. Root level. (Required) The request for delegation evidence.

    • policyIssuer String. Contained in delegationRequest. (Required) Identifier of the delegator (the delegating entity, usually the Entitled Party).

    • target Object. Contained in delegationRequest. (Required) MUST for the root level contain an accessSubject. No other elements are allowed.

      • accessSubject String. Contained in target. (Required) Identifier of the delegate, also known as the entity that receives the delegated rights (usually the Service Consumer).

    • policySets Array of Objects. Contained in delegationRequest. (Required) A container for one or more objects containing policy elements with an indication for further delegation. Note that policySet elements within one delegationRequest MUST not restrict each other, but rather offer a mechanism to express additional rights. They will be evaluated by the Authorisation Registry in a permit-override manner, allowing a Permit if only one of the policySet elements evaluates to Permit.

      • policies

        Array of Objects. Contained in policySets. (Required)

        Used to express the actual rights for which evidence is being requested. Note that policies within one policySet object MUST not restrict each other, but rather offer a mechanism to express additional rights. They will be evaluated in a permit-override manner, allowing a Permit if only one of the policy elements evaluates to Permit.

        • target Object. Contained in policies. (Required) Describes the target, in terms of resource and action, this request applies. It is also the scope that is permitted through the default rule.

          • resource Object. Contained in target. (Required) Contains type, identifiers and attributes.

            • type String. Contained in resource. (Required) String which describes the type of resource for which delegation evidence is requested.

            • identifiers Array of Strings. Contained in resource. (Required) An array of strings containing one or more resource identifiers for which the delegation evidence is requested. Use of wildcards (for example, "*") is allowed.

            • attributes Array of Strings. Contained in resource. (Required) An array of attributes of the resources for which the delegation evidence is requested. Use of wildcards (for example, "*") is allowed.

          • actions Array of Strings. Contained in target. (Required) An array of actions for which delegation evidence is requested.

          • context Array of Objects. Contained in target. Optional. Placeholder for any information regarding the context of the delegation request. This will help the Authorisation Registry in evaluating dynamic conditions before providing delegation evidence.

            • serviceProvider Array of Strings. Contained in context. Optional. Reserved name for a party identifier of the service providers at which the service will be consumed.

        • rules Array of Objects. Contained in policies. (Required)

          • effect String. Contained in rules. (Required) Value must be equal to Permit or Deny. In the delegationRequest a value of Permit is expected, requesting the Authorisation Registry evidence that access to the requested resource is permitted.

  • delegationPath Array of Strings. Root level. Optional. Container for one or more iSHARE identifier values for a situation where multiple delegation policies need to be linked together.

  • previousSteps Array of Strings. Root level. Optional. A container for one or more pieces of evidence, such that the client has a legitimate reason to request delegation of evidence. For example:

    • Client_assertion

    • Delegation_evidence in a delegation chain

    • Other evidence or information, as determined by the data space (could also be verified post-transaction), specification beyond the scope of this framework

    Privacy considerations: to prevent unallowed access to delegation evidence, a data space or participant can decide to require evidence or information in the previous_steps attribute, depending on the nature of the data that is being shared.

hashtag
Response model

The response contains a, containing an. The model of the delegation_evidence_token JWT response is available on the iSHARE OpenAPI documentationarrow-up-right. For convenience, the model of the delegation Evidence object, contained within the token, is described below:

  • delegationEvidence Object. Root level. (Required) The root of any delegation evidence.

    • notBefore Integer. Contained in delegationEvidence. (Required) Unix timestamp indicating the start of the validity period of this delegation evidence as indicated by the Entitled Party. By default, SHOULD be equal to the time of issuing of the delegation unless historic evidence is desired.

    • notOnOrAfter Integer. Contained in delegationEvidence. (Required) Unix timestamp indicating the end of the validity period of this delegation evidence. It is up to the issuer to provide the evidence to set this time. Note that a reasonable amount of time SHOULD be allowed for processing of longer delegation paths. Also note that evidence cannot be revoked, so setting very long validity periods SHOULD be avoided.

    • policyIssuer String. Contained in delegationEvidence. (Required) Identifier of the delegator, also known as the delegating entity (usually the Entitled Party).

    • target Object. Contained in delegationEvidence. (Required) MUST for the root level contain an accessSubject. No other elements are allowed. It makes the entire delegation evidence applicable only to this accessSubject.

      • accessSubject Object. Contained in target. (Required) iSHARE identifier of the delegate, also known as the entity that receives the delegated rights (usually the Service Consumer). It should be either an iSHARE identifier for M2M cases or a human pseudonym for H2M cases.

    • policySets Array of Objects. Contained in delegationEvidence. (Required) A container, optional for one or more objects containing policy elements with an indication for further delegation. Note that policySet elements within one delegationEvidence MUST not restrict each other, but rather offer a mechanism to express additional rights. They MUST be evaluated in a permit-override manner, allowing a Permit if only one of the policySet elements evaluates to Permit.

      • maxDelegationDepth Integer. Contained in policySets. Optional. An optional element that, if present, indicates that further delegation of the rights, conveyed in the policy elements that are part of this PolicySet, is allowed. The value indicates the delegation steps that are allowed after this step in order to evaluate the entire delegation path to Permit.

      • target

        Object. Contained in policySets. Optional.

        Contains environment.

        • environment

          Object. Contained in target. Optional.

          Contains licenses.

          • licenses

            Array of Strings and Objects. Contained in environment.

            An array which describes which iSHARE licenses apply to this policy set. Please refer to the iSHARE Licensesarrow-up-right for more information about structuring this array.

      • policies

        Array of Objects. Contained in policySets. (Required)

        Used to express the actual rights for which evidence is being provided. Note that policies within one policySet object MUST not restrict each other, but rather offer a mechanism to express additional rights. They will be evaluated in a permit-override manner, allowing a Permit if only one of the policy elements evaluates to Permit.

        • target Object. Contained in policies. (Required) Describes the target, in terms of resource and action, this request applies to. It is also the scope that is permitted through the default rule.

          • resource Object. Contained in target. (Required) Contains type, identifiers and attributes.

            • type String. Contained in resource. (Required) String which describes the type of resource to which the rules apply.

            • identifiers Array of Strings. Contained in resource. (Required) An array of strings containing one or more resource identifiers to which the rules apply.

            • attributes Array of Strings. Contained in resource. (Required) An array of attributes of the resources to which the rules apply.

          • actions Array of Strings. Contained in target. (Required) An array of actions that apply to this policy.

        • rules Array of Objects. Contained in policies. (Required)

          • effect String. Contained in rules. (Required) Value must be equal to Permit or Deny.

          • conditions Object. Contained in rules. Optional. Optional conditions which must be evaluated before the rule applies. For guidance on how to interoperably define conditions, refer to the page about delegation evidence conditions. The following keywords in conditions are reserved:

            • serviceProvider: reserved keyword for a condition that contains a party identifier of a Service Provider, which is allowed to provide services to the accessSubject.

hashtag
Example request

hashtag
Example response

The response contains an encoded JWT:

After decoding, the example content of the JWT looks like this:

PreviousGetting startedNextDelegation Policy

Last updated