2.2 Accessing the API features

Access to features of the MyID Core API is controlled using MyID roles.

For example, the MyID Operator Client feature that allows you to view a person's images (View Person's Images) is enabled if the operator has a role with one of the following permissions:

If the operator account has access to any of these permissions, it can use the corresponding API call:

For information on setting role permissions, see the Roles section in the Administration Guide.

Note: Because development of the API proceeds in advance of the development of the MyID Operator Client, you may find some API features that do not correspond to Operator Client features. These features do not have role-based restrictions placed on them; however, the objects they operate on are always limited to the scope of the operator account.

To determine what permissions are required for an API call, set the ShowPermissions option to true in the rest.core configuration file; see section 2.1, Accessing the API documentation, for details.

This adds a section to the API documentation that lists the permissions for each API call, and which roles currently have access:

2.2.1 Scope

The MyID Core API respects the scope of the operator account used to access the API. For example, if you are using an operator account in the Finance department that has a role with a scope of Department, that account can view and access only the people (and their devices, requests, and so on) who are in the Finance department.

For information on setting roles and scope permissions, see the Scope and security section in the Administration Guide.