Security Verify Access authorization API

Edit online

The Security Verify Access authorization application programming interface (API) is the interface between the resource manager requesting the authorization check and the authorization service itself.

The authorization API allows Security Verify Access applications and other applications to query the authorization service to make authorization decisions. At the same time, the authorization API shields the application from the complexities of the actual decision-making process, including issues of management, storage, caching, replication, credential formats, and authentication methods.

The authorization API provides a standard programming model for coding authorization requests and decisions. You can use the authorization API to make standardized calls to the centrally managed authorization service from any existing or newly developed application.

The authorization API can be used in one of the following modes:

Remote cache mode: In this mode, the API is initialized to call the remote authorization server to do authorization decisions on behalf of the application. The authorization server maintains its own cache of the replica authorization policy database. This mode is best suited for handling authorization requests from application clients.
For more information about remote cache mode, see Authorization API: remote cache mode.
Local cache mode: In this mode, the API is initialized to download and maintain a local replica of the authorization database for the application. Local cache mode provides better performance because the application does all authorization decisions locally instead of across a network. However, the processor usage of database replication and the security implications of using this mode make it best suited for use by trusted application servers.
For more information about local cache mode, see Authorization API: local cache mode.

The authorization API also works independently from the underlying security infrastructure, the credential format, and the evaluating mechanism. The authorization API makes it possible to request an authorization check and get a simple yes or no recommendation in return. The details of the authorization check mechanism are invisible to the user.