The AAP service (Authentication, Authorisation and Profile) provides a central repository for identities (Authentication), group management/permissions via domains (Authorisation) and attributes (Profile).

This service requires the processing of your personal data in order to function. For more information, please read our privacy policy.

Overview

The Authentication service deals with identifying users. Its purpose is to go from a username/password to a JWT, which can then be used against the other AAP services, or any application that supports the AAP tokens.

The Authorisation service deals with managing those users into domains, so applications can make their own authorisation decisions.

The Profile service deals with reading/writing attributes for the users and the domains.


Integration

The following client is available:

HTTP verbs

The AAP tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP verbs.

| Verb | Usage |
|---|---|
| GET | Used to retrieve a resource |
| POST | Used to create a new resource |
| PATCH | Used to update an existing resource, including partial updates |
| PUT | Used to update an existing resource, full updates only |
| DELETE | Used to delete an existing resource |

HTTP status codes

The AAP tries to adhere as closely as possible to standard HTTP and REST conventions in its use of HTTP status codes.

| Status code | Usage |
|---|---|
| 200 OK | Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request, the response will contain an entity describing or containing the result of the action. |
| 201 Created | The request has been fulfilled and resulted in a new resource being created. |
| 204 No Content | The server successfully processed the request, but is not returning any content. |
| 400 Bad Request | The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). |
| 404 Not Found | The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible. |
| 409 Conflict | The data supplied would create a duplicate (for example, the domain name already exists). |
| 417 Expectation Failed | The data supplied would not support the operation (for example, when removing an admin via the admin delete operation, the system validates that the domain has more than one admin user). |

Contact Us

We use ServiceNow for enquiries, bug reports and suggestions for improvement. Users from outside of EMBL-EBI should use this form to report an issue, but enquiries and suggestions are also welcome. Anyone can email aap@ebi.ac.uk to get instructions on how to contact us via ServiceNow.

You can also subscribe to the aap-announce@ebi.ac.uk mailing list, where we communicate new features, maintenance times, etc. It has a low level of activity.