# Capabilities

{% hint style="info" %}
***This page must be considered part of the iSHARE Framework***

*This page is considered normative and is therefore compliant with RFC 2119.*
{% endhint %}

The `/capabilities` endpoint is required for every participant that provides services:

* Participant Registry
* Authorisation Registry
* Service Provider
* Identity Provider

The endpoint returns iSHARE capabilities of the iSHARE party. The server response is an iSHARE signed JSON Web Token.

Depending on whether or not an Access Token is provided to the capabilities endpoint, the endpoint must return public or public and restricted endpoints. in detail:

* If an access token IS NOT provided
  * Return public endpoints, including the Access Token endpoint
* If an access token IS provided
  * Return public endpoints, including the Access Token endpoint
  * Return restricted endpoints

Any endpoints that do not support the iSHARE's Identification, Authentication, and Authorization (IAA) methods and are not intended for use by iSHARE roles should not be included in the capabilities endpoint response. This is because when a participant sees an endpoint in the capabilities response, they will assume it is iSHARE-compliant and supports iSHARE’s IAA mechanisms. However, if a party has other endpoints that rely on different authorization methods and are not aligned with iSHARE, those should be excluded from the response to prevent misunderstandings.

## Retrieves iSHARE capabilities

> The /capabilities endpoint is required for every participant that provides services. The endpoint returns iSHARE capabilities (supported versions & optional features) of the iSHARE party. \
> \
> The capabilities endpoint should only return the public endpoints if no access token is provided. If an access token is provided, the capabilities endpoint will also provide the restricted endpoints. A party may also have private endpoints, which are endpoints for their own internal organization, also known as endpoints that are implemented, but not to share with the others. These endpoints are not within the scope of iSHARE and should not be returned to other iSHARE parties.\
> \
> Server response is an iSHARE signed JSON Web Token. Please refer to the models 'jwt\_header' and 'jwt\_payload\_capabilities\_token' which indicate what the decoded response will look like.

```json
{"openapi":"3.0.0","info":{"title":"generic iSHARE API specifications","version":"2.1.1"},"tags":[{"name":"Participant Registry","description":"Endpoints that form the iSHARE Participant Registry API specification."},{"name":"Service Provider","description":"Endpoints that form the Service Provider API specification."},{"name":"Identity Provider","description":"Endpoints that form the Identity Provider API specification."},{"name":"Authorisation Registry","description":"Endpoints that form the Authorisation Registry API specification."}],"servers":[{"description":"iSHARE UAT network base domain","url":"https://isharetest.net"},{"description":"iSHARE TEST network base domain","url":"https://test.ishareworks.nl"}],"security":[{"BearerAuth":[]},{}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","description":"OAuth 2.0 authorization based on bearer token. MUST contain “Bearer “ + access token value. Must be provided if restricted endpoints are needed."}},"schemas":{"CapabilitiesResponse":{"title":"CapabilitiesResponse","type":"object","properties":{"capabilities_token":{"type":"string","format":"application/jwt"}}}}},"paths":{"/[v2.1.1]/capabilities":{"get":{"tags":["Participant Registry","Authorisation Registry","Service Provider","Identity Provider"],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CapabilitiesResponse"}}},"description":"OK"}},"deprecated":false,"operationId":"/capabilities","summary":"Retrieves iSHARE capabilities","description":"The /capabilities endpoint is required for every participant that provides services. The endpoint returns iSHARE capabilities (supported versions & optional features) of the iSHARE party. \n\nThe capabilities endpoint should only return the public endpoints if no access token is provided. If an access token is provided, the capabilities endpoint will also provide the restricted endpoints. A party may also have private endpoints, which are endpoints for their own internal organization, also known as endpoints that are implemented, but not to share with the others. These endpoints are not within the scope of iSHARE and should not be returned to other iSHARE parties.\n\nServer response is an iSHARE signed JSON Web Token. Please refer to the models 'jwt_header' and 'jwt_payload_capabilities_token' which indicate what the decoded response will look like."}}}}
```

### Response Model

The model of the `capabilities_token` JWT response is [available on the iSHARE OpenAPI documentation](https://openapi.ishare.eu/?version=2.1#/jwt_payload_capabilities_token). For convenience the model of the parties\_info object, contained within the token, is described below:

**Decoded capabilities\_token parameters:**

It contains [iSHARE compliant JWT claims](https://dev.ishare.eu/version-2.1.1/reference/ishare-jwt), however if an access token is not provided, then `aud` claim should be omitted while signing JWT. In addition to that it also contains the following parameters:

* `capabilities_info`\
  **Object**. Root level.\
  Contains information about capabilities.
  * `publicServices`\
    **Array of objects**. Contained in `capabilities_info`.\
    When no Authorization header is presented when invoking the /capabilities endpoint, only public\_services are returned. Public\_services themselves may (and usually will) require authentication to invoke them.
    * `identifier`\
      **String**. Contained in `public_services`.\
      Unique identifier of the service. For iSHARE defined services, it must contain the predefined identifier (defined as operationId in the iSHARE generic OpenAPI specification). For other services, it might for instance refer operationId in OpenAPI specifications, or other forms of identifiers in other specification formats.
    * `title`\
      **String**. Contained in `public_services`.\
      Human readable name of the service.
    * `description`\
      **String**. Contained in `public_services`.\
      Description of the service.
    * `descriptionURL`\
      **String**. Contained in `public_services`.\
      URL that provides a description of the service endpoint. Could be for instance a URL to an OpenAPI description, a WSDL document, a a SPARQL Service Description, a DCAT Data Catalog, etc.
    * `endpointURL`\
      **String**. Contained in `public_services`.\
      URL of the endpoint, including the correct host. Depending on the setup, this information could also already be included in the description that is provided via the description\_url.
    * `tokenEndpoint`\
      **String**. Contained in `public_services`.\
      URL where access token for the feature can be retrieved. This is optional because if feature is access token, it is not needed to mention it twice.
    * `status`\
      **String**. Contained in `public_services`.\
      Provides information on the status of the service. Must be either "deprecated" or "active".
    * `serviceType`\
      **String**. Contained in `public_services`.\
      Can be either "framework-defined", "dataspace-defined" or "self-defined". A framework-defined service is required from a framework perspective (including for instance the /capabilities endpoint), a dataspace-defined service is required from a dataspace perspective and a self-defined service is define by the provider of the service (actual data services are part of this category).
    * `version`\
      **Object**. Contained in `public_services`.\
      Versioning information of the provided service.
      * `compliesWithFrameworkVersions`\
        **Array of strings**. Contained in `version`.\
        Array of framework versions that the service complies with, at a framework level. If not included, the service is assumed to be compliant with the latest version. The versions can be retrieved using the [/versions endpoint](https://gitlab.com/ishare-foundation/cab/developer-portal/-/blob/v2.1.1/ishare-satellite-role/versions.md). Required for framework-defined services.
      * `compliesWithDataspaceVersions`\
        **Array of strings**. Contained in `version`.\
        Array of dataspace versions that the service complies with, at a dataspace level.
      * `capabilityVersion`\
        **Array of strings**. Contained in `version`.\
        Version of the provided service. The version numbering of services is not related to the version numbering of the framework or of a dataspace.
    * `methods`\
      **Array of strings**. Contained in `public_services`.\
      Array of operations supported by the endpoint. It could be HTTP methods when the endpoint is HTTP based, for example: GET, POST, etc.
  * restrictedServices\
    **Array of objects**. Contained in `capabilities_info`.\
    When an Authorization header is presented when invoking the /capabilities endpoint, in addition to the public services, restricted services may be returned, based on the information provided on the participant by the Authorization header. This could for example be implemented to expose services only to participants of a dataspaces. restrictedServices themselves may (and usually will) require authentication to invoke them. *The attributes of restrictedServices are 100% equal to the attributes of publicServices and therefor omitted here.*

### Example request

```
> Authorization: Bearer IIeDIrdnYo2ngwDQYJKoZIhvcNAQELBQAwSDEZMBcGA1UEAwwQaVNIQ

GET /capabilities
```

### Example response

The response contains an encoded JWT, which looks like this:

```json
{
  "capabilities_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJNSUlHakRDQ0JIU2dBd0lCQWdJVVhsZHlZL0o3MFVGTFNmY2ljeUFnbkNBYkxhVXdEUVlKS29aSWh2Y05BUUVMQlFBd1hURWVNQndHQTFVRUF3d1ZaVWxFUVZObFUwVkJURTlKUkY5SmMzTkRRVWMwTVJrd0Z3WURWUVJoRXhCT1ZGSk9UQzFwVTBoQlVrVlVSVk5VTVJNd0VRWURWUVFLRXdwcFUwaEJVa1ZVWlhOME1Rc3dDUVlEVlFRR0V3SllXREFlRncweU5ERXhNRFl4TkRNek1URmFGdzB5TnpFeE1EWXhORE16TVRCYU1Hb3hDekFKQmdOVkJBWVRBazVNTVNBd0hnWURWUVFLREJkVVpYTjBJRk5sY25acFkyVWdVSEp2ZG1sa1pYSWdRVEVnTUI0R0ExVUVBd3dYVkdWemRDQlRaWEoyYVdObElGQnliM1pwWkdWeUlFRXhGekFWQmdOVkJHRU1EazVVVWs1TUxURXdNREF3TURBek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBOW9uQ1F4UDcyRXkyMlIzZ0dNRjgvcy81ODErVGNrZEJ5RHFmZ29ZTEJRbFQwSkt4QXpXandETkZNeUN2TDE4c0w1WE9vVm9qU1dJSkRFZmtBanUwdFdjcGthZkV5Q1U5OVNWVG9Gdzhkd08zSEUyYlFNZ3JUUmNUQ2NjeFVoMnBOMzlMb0FmT3FLUngrcHRkTDJzUWo5T0RZaXNkUWFqb01GTmlONjdGVmFBTVpWT3hDUXdydy82eGdjUnVzaEZlT0UzZHNKOVVVKyt2TU9OdThWNzdXS2lKaXVEQlFQdlJ5ejBibjVvblRXQXBlM0lhSDdMWG9YcnhKL2xBcGxCL0R3OGtCTHV2eUpta2hwZWxrRjJUb3ZxaERYNTVqNEtTWU8rU09md0tXbmVrdEZnQWVURjJrM0NrcloyY2Y5UU9EY1FpVnowL0NxWGNrTEpoTlAxVkJ3SURBUUFCbzRJQ05UQ0NBakV3RGdZRFZSMFBBUUgvQkFRREFnWkFNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVzeHBQUWtEcDJIaWRhLy84SkxBUXNUUTg4SWt3VndZSUt3WUJCUVVIQVFFRVN6QkpNRWNHQ0NzR0FRVUZCekFCaGp0b2RIUndjem92TDJOaE55NXBjMmhoY21WMFpYTjBMbTVsZERvNE5EUXlMMlZxWW1OaEwzQjFZbXhwWTNkbFlpOXpkR0YwZFhNdmIyTnpjREFRQmdOVkhTQUVDVEFITUFVR0ExVWRJREFmQmdOVkhTVUVHREFXQmdnckJnRUZCUWNEQkFZS0t3WUJCQUdDTndvREREQmJCZ2dyQmdFRkJRY0JBd1JQTUUwd0V3WUdCQUNPUmdFR01Ba0dCd1FBamtZQkJnSXdOZ1lJS3dZQkJRVUhBUU1NS2xSb2FYTWdhWE1nZEdWemRDQmxjMlZoYkNCalpYSjBhV1pwWTJGMFpTQm1iM0lnZEdWemRHbHVaekFlQmdWbmdRd0RBUVFWTUJNVEEwNVVVaE1DVGt3TUNERXdNREF3TURBek1JSEhCZ05WSFI4RWdiOHdnYnd3Z2JtZ2diYWdnYk9HZ2JCb2RIUndjem92TDJOaE55NXBjMmhoY21WMFpYTjBMbTVsZERvNE5EUXlMMlZxWW1OaEwzQjFZbXhwWTNkbFlpOTNaV0prYVhOMEwyTmxjblJrYVhOMFAyTnRaRDFqY213bWFYTnpkV1Z5UFVOT0pUTkVaVWxFUVZObFUwVkJURTlKUkY5SmMzTkRRVWMwSlRKRGIzSm5ZVzVwZW1GMGFXOXVTV1JsYm5ScFptbGxjaVV6UkU1VVVrNU1MV2xUU0VGU1JWUkZVMVFsTWtOUEpUTkVhVk5JUVZKRlZHVnpkQ1V5UTBNbE0wUllXREFkQmdOVkhRNEVGZ1FVZkkvNkZzVzFZT0RRTWtnbEhXZWZITWFXRjhFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFHMnc0ZGdjTkRhL0ltVTZQK09yUEFaYWp5M0c3aCs2ejRpUFJCV1hnc0RjbDVVTHBOVXpTSUljZ2dHb05rYUNJU294KzFyV0ZwM3BOUWx4c1lkYjhFcjFYRFBvOG9WRjU4M241VU95UFVpTENnUU5GV0ZxaUg3NnpkeEk5c2Fua0l5TVMrZytuSHZxRlR1Y1pqbkVnbU5MWjZhNDVxQ2ZYRXRtRnkxUVJRMU4wcWZ3d2VEVEpWYjNCb054RU84UjdlQWg0cTBOaFNxWGJrb3JQUUxlamsyWG5NYm5NOHRqc1V1cmpwQ3M4VU1nMFR6UlROdXlHLzd0VmFMcmRFbnBxUDIwK2drNXE1d2FFRndwRDZlT3ZxbFVnSDByRkxrMlZQOEhidG4xM0dhQlpCa3FBUzJrbmJxZFZ2VEZpclR6RldNMGRRTmk5NzdBbDRsVmJYTGNBSEVaNWpTazRWYnFyYkFGQm9wS0tNUFNWL0NzeStwMksvc25mVjNRcXhhRnhUdjloTUFuVG1rUTFudTNuU1BwQXE5OUI1cURuQXdxaHlqaHFNdEpIbEd5cWQyeUl1aHFrMmVjeVl3cThSRGpLTkFqZE1MRzVLWERLckdraW9WcnFLdDNBa2F2dk5HV0J0NlFiVnNoNFJZWWI4SVc4L2RCWU9jOVhWV2xNS1RKdHc0dUVvQW1xVTNMV3E4OXJSOW5jcmwwMWlUbDJjaWlKamZRN21sNTIyUXZHUmwxbGtUZnJ6K2Y2VnJQOEVPKzkrTWVtck96eFFJbjNqUms2TlFydlNGanlKWDNZTUV6YVlIL2NBMld2Mm16V0ZjOWJUa25lYjdXa3ZWeFcxOFhxaGpjc25qdDk2N2Rlamk5eDExTExZOE5Cd1I3S3J6Si9kSmRNTHFucHlLWSIsIk1JSUYyakNDQThLZ0F3SUJBZ0lVUEczK1RBbnhWT0JjZTlOYVB0OXBUQWdtNVI0d0RRWUpLb1pJaHZjTkFRRUxCUUF3UWpFZU1Cd0dBMVVFQXd3VlpVbEVRVk5sVTBWQlRFOUpSRjlUZFdKRFFVY3pNUk13RVFZRFZRUUtFd3BwVTBoQlVrVlVaWE4wTVFzd0NRWURWUVFHRXdKWVdEQWVGdzB5TXpBNE1qVXdPVEF4TXpKYUZ3MDBPREE0TWpVd09UQXdNRFZhTUYweEhqQWNCZ05WQkFNTUZXVkpSRUZUWlZORlFVeFBTVVJmU1hOelEwRkhOREVaTUJjR0ExVUVZUk1RVGxSU1Rrd3RhVk5JUVZKRlZFVlRWREVUTUJFR0ExVUVDaE1LYVZOSVFWSkZWR1Z6ZERFTE1Ba0dBMVVFQmhNQ1dGZ3dnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEYW5VZ00xL1BReVhOVFgrVU9MR3JaalM4SGFUV1IvUDR4RDhTTUNSeE9YSEt6SExRcUVRT3VIRC93K3J4OS9iRXd6SDR3VmZKMG02L3I1NktPZzB3TFVsVndPeWlrT1hHb0lURDJ1K1VpOXQyNHRZSWt4OHpqTEc3VkhWY3c0ZFhPdDkyc3ZLWTFMeWJ2bHByb1d6VEhsUndvSU8xWVE0aE8rcnlic3cvS0VERVhVYmtvd2psSEFQY3duc09XNjQzNjdFTitlelQxc1M4ZHpGSXhtRzhxQzJMck0yc1hKV3FxNXZKZUUvODZUZloyTk1PK0NVeGtqajd1UGdiVzJWL01PVWhZeUF0R0FqemQvS3dPckxNUk1ZYVhPSWo2MW04UjcxbmgvTFY5bjhkbmowd1RRT05USGh1TTdtZFpReGhxT2RrTDJja1NyQldpM2F0RVZUMU9oQlJYNEZtbWhJaG1TV3VDdGd5S2lEQ0lvdHlHQXNYMm82ODE3ZmVlNFJkdHdmdzlRNG9OM05BaHRvZDYwaU9BV0FwVnQrQlQ1dHZkZ0dPWVdQY2JNUjVwR3picDM4ZEdVeXV3WVpWNExBbklHU201eWF1Y05FMkUyeHJRQ2JFZVptNFJQc3g1SmxlV3ppcGsrNDJkN3ZxdldEODhJUWNRK2JaTTJYNHJKQlpOczE2NkNseCttNkhtS3hLQUxlYlV0anN6c2d5SDhjcTEwZCtrNEFvOG9DYU9ZanYySWFFYk1kK2ZWL1VmOGtQa3pUdEtsdHRkcWlpeG9JcXljWE1FZ0JhU2drdWI3WG9RNksyNnRSUEowdzVRa3V1aDNNS3RHRVdmVzdFRUdtcG5DcWpPdjYvckFNSmlNV3loMUlnTGdOQlVQUDd6YVZQcERBdEM4OE9TSlFJREFRQUJvNEdzTUlHcE1CSUdBMVVkRXdFQi93UUlNQVlCQWY4Q0FRRXdId1lEVlIwakJCZ3dGb0FVNHViWDBwNkRWak45REt0T1dXTVlBcytIeGRRd0dBWURWUjBnQkJFd0R6QUZCZ05WSFNBd0JnWUVWUjBnQURBcEJnTlZIU1VFSWpBZ0JnZ3JCZ0VGQlFjREFnWUlLd1lCQlFVSEF3UUdDaXNHQVFRQmdqY0tBd3d3SFFZRFZSME9CQllFRkxNYVQwSkE2ZGg0bld2Ly9DU3dFTEUwUFBDSk1BNEdBMVVkRHdFQi93UUVBd0lCQmpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVp2NUd1a3gwUEV2VlJFSXQ4TVRhUGZDSDRhd3lpaVl5aTE3aDZSNUxMazFyZXJ3UXNTU1NIZlZxZnRkd1JGMG9jTHAyUFhKaGUwNzVxVjQwNkMwNENqYW1OazNlejlaaU5IQ05qUHRmaWQ2b094cXoxWGs4WFBqTllFbGJBRm1QN2VLbC80NDF2WmhHdWsvUmhYR054UWJ0bzBRMTZnOElSY0dEdldnTmh0cnRCMUcyeFNtdEIxUzJ1VXBTYWlaVk5PcmtkelRoaUVKc2VVUkJvWHhVWElxcEx5UFRSbDZNTWdWYUxHUllSYzN2WWlqNEI3TTJoQk43L2NqbkdMc01WdGdiT3Y2Q1YyMWcyU1hvd2JnT3F6QnlINTFVVFI2T2JIaUdqMGtTQ0FMRzE0SVFQa3pRUGlTcGp1Kys5TTJqQWpQTTNvNDIxWk9VRE1QMjQ2Q3NxUFhyVEFiUFhKVlVSL2dpNHU1M2ttekMyMTBqdlZxOWhId2VseFFPVFBGaGxNNkUxQ2g0SmI0UFFSTEtEUEZsKzVOVzRGeTJKQURqeXVweVZIbmNkTEV1UHkwUGdDTDJZbzE0N0hTcFBqNHU3amMxUm1IVTdOTzEyRVYyWkNNZkZsUndkR3Y2aWY4cU83cy82bHBaSmpwUHRMRU9iQTV0RDRhaGMrYVBOQWk5V0NrMHBlUm0xS0U1VkdEV0tGTlNOQWlMSk56UDdtMlE2eThmT3kzOGNOZ0ZCaEdPRi9LZ0VJc1QxMFYrNUs1byt5bFZWdFBWZVJSRU5FdktPOUVMa3plMElIZ3NUQi82Y3dPaWo0cHhNOUp2YXVqMDZHZ2xoSWhpSUE2cTBpRFVxQjFNVVIwSHppWTlCc25XWTlrUjhod1YzT1crbnNtenRRd0dWRXcya2pVPSIsIk1JSUZqakNDQTNhZ0F3SUJBZ0lVRmo5LzNqR09SaHRJcFo5OE9MUnRSSHMwQVlzd0RRWUpLb1pJaHZjTkFRRUxCUUF3UVRFZE1Cc0dBMVVFQXd3VVpVbEVRVk5sVTBWQlRFOUpSRjlTYjI5MFJ6SXhFekFSQmdOVkJBb1RDbWxUU0VGU1JWUmxjM1F4Q3pBSkJnTlZCQVlUQWxoWU1CNFhEVEl6TURneU5UQTVNREEwTkZvWERUUTRNRGd5TlRBNU1EQXdOVm93UWpFZU1Cd0dBMVVFQXd3VlpVbEVRVk5sVTBWQlRFOUpSRjlUZFdKRFFVY3pNUk13RVFZRFZRUUtFd3BwVTBoQlVrVlVaWE4wTVFzd0NRWURWUVFHRXdKWVdEQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUw3bnpreW9GWFdnMWdoZEc2Zm51enV2QWRNV3NtL0krbVgzRGJ6M0kvS3lxTGRXdDdYRzNPV1ZTbmhvc0FEMlcyU1hubEdYcXh5ZTBoUHRFZ2tRSWRlbDdGbkZvc1dXcnNFT3JhdGdYbG5NNE5XcFlES01XRVZZcm83aHpIZ0NaMTI2WlBRVUxsczUyTmN2cFJNOFMzZFprK1hLMWtmM1ZlUzBKMmhVU0ZFQVpITHlYQ1hraFRuVUk3cW8xdXIxVG1EV1lzTlF3eERHT3U3Q1F5WllkS0l3S3FJOWVHc1JMZ002UFFsZzN2WkNyb3BPb2RNN2xvVHVpckNsM1VLdzRIckdrMmNPaUFmNElkLy9lYVZDYWZ3a2pLc0pUUXVBYWh1Uno0cU1zSFlBM2tEUXorMCtoZ25SNzRyK2lMcis4bHIwNDRnbG5hV0lXdnJFR2NpUlIrUGVjdGZyTE9RUUlXN2hhMTNkeldvemtUMGFnblQxTGsvQ0dyZ05YVnFob3NHQzBydUFRUEk2RGNQTnkySU5NOUpndENtQnNTak1NMTg1RklCWDRDeTE3bTczaDlyS2pYWk14YjZUeFg3Q0laeWVzZ0FTMGJCUmI2eElwS3NacmxyakVhenNqQzJWSFJSV09NSldZcWNYTEQ1Wk56R01aVXI2VHQyeUNVQXRhbWVjREFUS042L0dic3hlMHRBQk4wcGswcng1aWMrNFRYZEJyb045T0FaY2hINHRKQ3NPQ0tvbkN6QXBQeFZUaEROTXhzb295RnE5RG1nWGh5RVVPT29lUytGcjRGZ0gralNBTm0vbDE3OEpoOWVwZlhROWdFLzZhcVB4WWpOU0JnUzYwUzFFVnFDcHh3MnJUMW1VWWVHZndpYlZtNTNpeEdwdFI4a3RlNzBuQWdNQkFBR2pmVEI3TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SHdZRFZSMGpCQmd3Rm9BVTJMdWJOUzFiUCsvaGE4dk1ETStpTHJwcGVvd3dHQVlEVlIwZ0JCRXdEekFGQmdOVkhTQXdCZ1lFVlIwZ0FEQWRCZ05WSFE0RUZnUVU0dWJYMHA2RFZqTjlES3RPV1dNWUFzK0h4ZFF3RGdZRFZSMFBBUUgvQkFRREFnRUdNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUI4anFZVXc3VHYrVzRaSDA2UHJhRjZ6ZmRDeFQwM0RoUkNodzRaL1FtMFhWUzJnUnlSd2NNcHRRRkVSaFBOT0EyMjF1OUxxb3paMWFLM0IzNXdrY0dEL2RGSmdKQ0pCOTZTTXR0UWwySHAvRWlRejlQRkYwMmRCU3J1WGhJYXJhUGJNK05JR2RteU4yWnl3R0dYSTFhVTdKRDNYRzI5U2gyQUFkT2t2OGRJNmdFZ3p0L0RIU0lJYmFrYmFMZEVJYzdXQjk1R1VIY0huTmo1OFR6VFN5VmZCbXRiM3ZCSzlKRzBJbzZOQVBXUVl4MlZQOCtmSXlsamEyZDEyOGhnaDBkc0RyWEZBTSs5QVg4aGFlNXZ2eFZpOFRXcy96MmluZytrK2ltbXRTTmZ6ektNaU83cjV3SkFreWp3dFVCbEJTdEtJQTZaZXIyMnBtU1RaWmV1Y0hkRVRoYWJjV1FpZFZabU1QM0lmNml4NVVleVg4VjZPQXcwZ3NJM0lVYjkxUTc2ZDRzTFdiem9HTk9OQVlGQzFJeXoweFdqNDdaZDZQN1oyR2ZoMVZpSWJNeFZpRkRsTm1iRVpmbHBFUzg3Sy95aEJVUS90bkNOR1FvU2R0c3V5dVdnM05mV2J5Sm9OWnpsVTk2Sld4Y3FTYVhrenNlOWo4d2FoYXlLTk02U1dLU1kxWjA1aDhKU2NPQ21GQjVGOFYzYmQ1blAvdUtqYTdIOE80R09BQVBNM090RytlcTM3eFcveE4wb0FzamJ2dDRvam5VYkpzMmtpQXhFZHdYeDBLN21jUGVTN3pXbVZ0OGg0UmRjRG0vUEdURGE5bThPcWhRdWNrODBRbnV4SVVXVnI3R1dhZGgxTHkvdGwwK2J2bWtjbk8yeWJSSitnYnFSRUhEVGUwc3hzdz09IiwiTUlJRmN6Q0NBMXVnQXdJQkFnSVVDdmZTdlFlcmpGRG1NMkx2bWpvVERPSW5MQXd3RFFZSktvWklodmNOQVFFTEJRQXdRVEVkTUJzR0ExVUVBd3dVWlVsRVFWTmxVMFZCVEU5SlJGOVNiMjkwUnpJeEV6QVJCZ05WQkFvVENtbFRTRUZTUlZSbGMzUXhDekFKQmdOVkJBWVRBbGhZTUI0WERUSXpNRGd5TlRBNU1EQXdObG9YRFRRNE1EZ3lOVEE1TURBd05Wb3dRVEVkTUJzR0ExVUVBd3dVWlVsRVFWTmxVMFZCVEU5SlJGOVNiMjkwUnpJeEV6QVJCZ05WQkFvVENtbFRTRUZTUlZSbGMzUXhDekFKQmdOVkJBWVRBbGhZTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF4Vk1LSTlSTWhuT1NBMkxvcmdFQzNZRE5kMml0bjcyTE9kZlJSVXU0NWZHNzBJZXYrRTRrUnJ6SjFrMjNXWEg1c0hUYmNzbHBFVGVBWm5qMC94S0JZZEVMdXdlNkhYOGtJd2QxczZXR2xaYzBsN2tpMWZtajRIcVNzdEdKL0JLR2oxYTcyMzZXd1BKRVdFSHFmeDlRTUVldUpLbFVTVkZGeUU0ak1zZllwODdpZklwdXdFOG9MT3c0eWtERE9QNTJUZDA2dkhDSVlycURCcnZ4RmRBdUVuRnhOeGxQWFJFNGdMc3lnZzYySE94T3VHbWhXZnN5NlRjY0lwNVhJT2RqMkN6ZW9YSjgybTUvaW1CUEp2a2VmbnJqRVFYemlTRTJtaTJJQkR0R1AvQXdGV0k3V3BzRXlEWFdJbU1TUjBUM0N1RG1rZVExNHBObWNxTXAvYnFYM2kxYWV0YWRGVFdzdWhsMG5IMmlScUtaREp4WmxTY3U5OXRvcTVHcmRjRlVjeEdSUXlsK3NGaFVoM1hjQldKVjdZMnduRkwydFk3dGh0UThaUG16VE84a1BLQ2JFbDVVNmdDU0lrcFJQTlpCUEc0ZFQwcXUrOEJkNzFQdTduQXkxaUI0VTZ5czM0Y0ZsT2xKcEdNMEZHcjM1TGVmYlBSOGJnejZNOVhOalJiZ01EUWNYRE1uZmlESjdFODFvVkJwQ1hOOXlkSGkxYmxoYWt1RUJhb2E5TS9rYXppcEdQbUF1eHJXQk1tcDJxMHd6UXA5R1MyZThrZUpJRHdKdXl6RUxhUlpDNHlqVnNWWlFNSy8vRCs0SjNib1U1ZHJDbW1tNkMxcndOUmZTWnVGR05jSVlEWmVIdGVHb0NGNEVBNWpjZ2RGYUlZckRlajZWQWFiNDJ2TjVMVUNBd0VBQWFOak1HRXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWZCZ05WSFNNRUdEQVdnQlRZdTVzMUxWcy83K0ZyeTh3TXo2SXV1bWw2akRBZEJnTlZIUTRFRmdRVTJMdWJOUzFiUCsvaGE4dk1ETStpTHJwcGVvd3dEZ1lEVlIwUEFRSC9CQVFEQWdFR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQmJjSHlWMmI1bUd3SFd4Q1NiRHdyNVY3UGdTWklKYTFzY3JDbklIRDNaL3l4RzdYcDVjSWxCajRNeTRsUkhqWnRKVnZVZlRqRnBzRURFdi9QQXE3NE9Jb2xOL2tQZE1mVGN6RkJHcHZzWnIweDJ5VVBFSnpRc1RTTHgwZ3daK3d2b0tIV0UwQzdHcWdrQUJOckZXOEZMcVJ6TnFYc21NNW9JNGMzVjVzeXh3QllGRFVZNU1QV2RxSkVEZlJ2ampKUENYbUtPUDFsTytpK0UwN3ZzRnBEekhTMkZLQjVjNnNUSVprdnQrSC9DRzRoVnU2WnZjRlhYenYySksvRW9WWjZ3VWRDbHQ0cExnVFFaL1cwcVFDSjNHakZlL1BaNzRtY2tXMXgvems5ejBWUWpVcFRxejNBalBMSWpqNjBuTUxUTHA1MG9GY01ManVYc3MwdnY0dFVqQ1RwczJRZzluMEd3TGxEUjQyTnl3MlRLY01NQjZ5Y0VvTmlVRXUwbGdhMUpNMFNWU3NGUDdHU1UvVzlWcWF0Szd4cC9YVzkvR0R2Z3AzWi9wUE0wRTNpMXRxcC9uT1U0M1lvZjhXaTRKSjZ6T2dYQnpxUXhPNk1JTFpKNHFFZmVuQXRJN285NVR5NXlrOXZSYm9Vc3R5d3NmQzZDVnN1MDhOTC90dHc0T1NYT3Zia1ErN3pNeENZVDlZeVFENWwvbHRDM2JnZGovbEJaem5zQnVHWU5PQjE2d0ROY0dwdXVhZWtzZlFmQkRQSFQrdlI2Z1BWRlpweVZ3eS90ekg2TlRwVUdEam9IVnNDeFVqWTg3ME9NNEQySmNqOU9JcXFkbGtDb1dPNmk0VmVjN3NUenhpWDM5b05TcjFHN0NvYmMzc1lkaG54Zy92bGcxQmVDSjg3cDBBPT0iXX0.eyJpc3MiOiJFVS5FT1JJLk5MMDAwMDAwMDAzIiwic3ViIjoiRVUuRU9SSS5OTDAwMDAwMDAwMyIsImF1ZCI6IkVVLkVPUkkuTkwwMDAwMDAwMDEiLCJqdGkiOiI3MDcxZWNjNTE1NDQ0MTI3OTkwMzYyMmFmMWJlZGJjMCIsImlhdCI6MTU5MTk2NTI3NywiZXhwIjoxNTkxOTY1MzA3LCJjYXBhYmlsaXRpZXNfaW5mbyI6eyJwdWJsaWNTZXJ2aWNlcyI6W3siaWRlbnRpZmllciI6Ii9jYXBhYmlsaXRpZXMiLCJ0aXRsZSI6IkNhcGFiaWxpdGllcyIsImRlc2NyaXB0aW9uIjoiaVNIQVJFIENhcGFiaWxpdGllcyBFbmRwb2ludCIsImRlc2NyaXB0aW9uVVJMIjoiaHR0cHM6Ly9hcHAuc3dhZ2dlcmh1Yi5jb20vYXBpcy9pU0hBUkUvaVNIQVJFX1NjaGVtZV9TcGVjaWZpY2F0aW9uLzIuMCMvU2VydmljZSUyMFByb3ZpZGVyLyUyRmNhcGFiaWxpdGllcyIsImVuZHBvaW50VVJMIjoiaHR0cHM6Ly90ZXN0LXNlcnZpY2UtcHJvdmlkZXIuaXNoYXJlLmV1L2NhcGFiaWxpdGllcyIsInRva2VuRW5kcG9pbnQiOiJodHRwczovL3Rlc3Qtc2VydmljZS1wcm92aWRlci5pc2hhcmUuZXUvdG9rZW4iLCJzdGF0dXMiOiJhY3RpdmUiLCJzZXJ2aWNlVHlwZSI6ImZyYW1ld29yay1kZWZpbmVkIiwidmVyc2lvbiI6eyJjb21wbGllc1dpdGhGcmFtZXdvcmtWZXJzaW9ucyI6WyIyLjEiXSwiY29tcGxpZXNXaXRoRGF0YXNwYWNlVmVyc2lvbnMiOlsiMS4wIl0sImNhcGFiaWxpdHlWZXJzaW9uIjoiMS41In0sIm1ldGhvZHMiOlsiR0VUIiwiUE9TVCJdfV19fQ.IA75SziKCkqIrLjbZd2PXc8zGJFGiv-PjpAsxoKEoEwisbzQE5N7Q4Oexuc3A1rzeCk0UDdfeZjvlGYoMq9rdGyD9oCSGNyqVcgFuFyHwQnnn-ZCXhnR9eCyYJKUwoRwuHhdaylOLWohz2rEQCYgGFsoaOPbHYniN3c3w4bf_zKXHcBzM3SkMMk1KJTEHflt4v0Y5PuQ6xM7-pB_8AxGfukt9F6x48jRGKRW72-xMYgvV3M1RatDZoQmHQuhe7CnHgJ5IvFTClyBuc2Y0rEqeIUG6VZlkbIHWD_u9-cgFREp0yZDKBFHgkBQk5ChFRx4iqCKJtn1YxXeDvg5ZhIEPw"
}
```

After decoding, the example content of the JWT looks like this:

```json
{
  "iss": "did:ishare:EU.NL.NTRLNL-10000003",
  "sub": "did:ishare:EU.NL.NTRLNL-10000003",
  "aud": "did:ishare:EU.NL.NTRLNL-10000001",
  "jti": "7071ecc5154441279903622af1bedbc0",
  "iat": 1591965277,
  "exp": 1591965307,
  "capabilities_info": {
    "publicServices": [
      {
        "identifier": "/capabilities",
        "title": "Capabilities",
        "description": "iSHARE Capabilities Endpoint",
        "descriptionURL": "https://openapi.ishare.eu/?version=2.1#/Service%20Provider/%2Fcapabilities",        
        "endpointURL": "https://test-service-provider.ishare.eu/capabilities",
        "tokenEndpoint": "https://test-service-provider.ishare.eu/token",
        "status": "active",
        "serviceType": "framework-defined",
        "version": {
          "compliesWithFrameworkVersions": [
            "2.1"
          ],
          "compliesWithDataspaceVersions": [
            "1.0"
          ],
          "capabilityVersion": "1.5"
        },
        "methods": [
          "GET",
          "POST"
        ]
      }
    ]
  }
}
```