DSGO Developer Portal

Guide 5. Configure resource server


Last updated 2 months ago

As a data service provider you need to implement an authorisation server and a resource server. This guide explains how to configure a resource server.

The data service provider uses the resource server to communicate with clients of data service consumers. The data services are implemented on the resource server, which is responsible for policy-based access to the data services and the data within them. The functions and interfaces of the resource server are defined within the Component diagram.

Step 1. Develop a RESTful API

Developing a Resource Server involves creating a backend that protects resources (APIs) and only allows access to clients with valid and authorized tokens. Here's a high-level process:

  1. Set Up API Endpoints: Define your protected APIs for your data services, according to the DSGO generic API requirements.

  2. Validate Access Tokens:

    • Use JWT validation for tokens with embedded claims (validate signature and claims like aud, exp, etc.).

    • Use token introspection for opaque tokens by calling the Authorization Server's introspection endpoint.

  3. Implement Access Control:

    • Check scopes or roles from the token to enforce permissions.

    • Apply middleware, filters, or decorators to secure endpoints.

  4. Use Secure Protocols: Always use HTTPS to protect data in transit.

  5. Test with Tokens: Test your Resource Server by generating tokens using an Authorization Server and calling protected endpoints.

Step 2. Offer the /capabilities endpoint

Every data service producer needs to implement the capabilities endpoint as described in the DSGO rulebook. This endpoint allows for discovery of data services within the DSGO.

Step 3: Deploy TLS layer with QWAC certificate

Every server needs to adhere to the TLS requirements and QWAC requirements of the DSGO. More information can be found in the DSGO rulebook.

Further reading

| Source | Description | Author | Language |
|---|---|---|---|
| generic requirements | DSGO generic API requirements | digiGO | English |
| /capabilities | DSGO specification of the /capabilities endpoint. | digiGO | English |
| iSHARE /service | iSHARE specification of a generic /service endpoint. | iSHARE | English |
| iSHARE Code snippets | GitHub repository with code snippets for implementing iSHARE functionality. | iSHARE | English |
| iSHARE Postman collections | A set of Postman collections to test your implementation. | iSHARE | English |
| iSHARE Service Provider | Reference implementation of a data service producer. | iSHARE | English |
| iSHARE token validation | PDF document specifying a decision tree for validating a token request. | iSHARE | English |