Implementation Guidance
A Software Statement Assertion contains metadata about a software product and is signed by the Register so that authenticity can be verified.
A Software Statement Assertion is required for Dynamic Client Registration (DCR). An SSA must be retrieved from the Register and included in Create (POST) and Update (PUT) registration operations.
A Software Statement Assertion can be retrieved once from the Register and used in multiple dynamic client registrations for as long as the SSA is still valid (lifetime is 10 minutes). A separate SSA does not need to be retrieved for each dynamic client registration.
Before calling the
Get Software Statement Assertion (SSA)
API, the Data Recipient Software Product must retrieve an access token from the Register'sToken Endpoint
.The access token must be added to the
Authorization
header of theGet Software Statement Assertion (SSA)
request as aBearer
token:
GET https://api.cdr.gov.au/cdr-register/v1/{industry}/data-recipients/brands/{dataRecipientBrandId}/software-products/{softwareProductId}/ssa Authorization: Bearer {access_token}