Token Endpoint

CDS Reference: not included
Current Version: n/a
Deprecated Versions: n/a
Retired Versions: n/a
Transport: MTLS
Authorisation: client authentication
Client: data recipient
Endpoint URL: https://secure.api.cdr.gov.au/idp/connect/token

Implementation Guidance

  • Data recipients need to retrieve an access token from the Token Endpoint to include in calls to the Get Data Holder Brands and Get Software Statement Assertion (SSA) APIs.

  • Private Key JWT client authentication is used to identify and authenticate the data recipient software product requesting the access token.

  • The data recipient software product must be in an ACTIVE state in order to be issued an access token by the Register.

  • The access token issued by the Register is valid for 5 minutes. The Register does not provide refresh tokens, so a new access token needs to be requested once the current access token expires.

  • The access token that is issued by the Register is bound to the client certificate that was used in the call to the Token Endpoint. The same client certificate must be used in the calls to the Get Data Holder Brands and Get Software Statement Assertion (SSA) APIs to satisfy Holder of Key requirements.

  • The Register will verify the client certificate used in the request against the list of client certificates that have been issued to the software product, responding with an error if no matches are found.
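
The guidance above implies a client-side token cache that re-requests a token before the 5-minute lifetime ends and never reuses a token with a different client certificate. The following is an added example, not Register or CDR code: `RegisterTokenCache`, `request_token` and `REFRESH_MARGIN` are hypothetical names, and the confirmation-claim check assumes the access token, if it is a JWT, carries the RFC 8705 `cnf`/`x5t#S256` thumbprint, which this page does not state.

```python
import base64
import hashlib
import json
import time

TOKEN_LIFETIME = 300  # seconds; the page states tokens are valid for 5 minutes
REFRESH_MARGIN = 30   # assumption: request a new token this long before expiry

def cert_thumbprint(cert_der: bytes) -> str:
    """RFC 8705 x5t#S256: base64url(SHA-256(DER certificate)) without padding."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def token_cnf(access_token: str):
    """Return the cnf x5t#S256 claim of a JWT access token, or None if absent or opaque."""
    parts = access_token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    cnf = claims.get("cnf") if isinstance(claims, dict) else None
    return cnf.get("x5t#S256") if isinstance(cnf, dict) else None

class RegisterTokenCache:
    """Caches one access token per client certificate; no refresh tokens exist."""
    def __init__(self, request_token, clock=time.monotonic):
        self._request_token = request_token  # hypothetical callable: cert_der -> token
        self._clock = clock
        self._entry = None  # (thumbprint, token, refresh_at)

    def get(self, cert_der: bytes) -> str:
        thumb = cert_thumbprint(cert_der)
        now = self._clock()
        # Reuse only if the token was issued for this exact certificate and is still fresh.
        if self._entry and self._entry[0] == thumb and now < self._entry[2]:
            return self._entry[1]
        token = self._request_token(cert_der)
        bound = token_cnf(token)
        if bound is not None and bound != thumb:
            raise ValueError("access token is bound to a different client certificate")
        self._entry = (thumb, token, now + TOKEN_LIFETIME - REFRESH_MARGIN)
        return token
```

In real use, `request_token` would perform the MTLS call to the Token Endpoint with a Private Key JWT client assertion; it is injected here so the caching and binding logic can be exercised offline.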