Hi all,
Looking at the documentation of the party management section of the JSON-API, a few questions came up that I would like to clarify.
Assuming that the ledger has authentication enabled (i.e. JWT tokens are verified for each request) are the following statements correct?
- To successfully allocate a new party through the JSON API, the JWT used for that request would need to have the admin claim set to true. (This is effectively verified by the ledger, not the JSON API)
- If so, is this all that would be required.
- Is the assumption correct that if the value of the admin field defaults to false if it is not set.
If authentication is not enabled on the ledger,
a. An admin: true
field is not required on the JWT when allocating a new party.
b. actAs
/ readAs
claims would still be required in order for the JSON-API to deduce who is the actor.
Thanks for the confirmations/corrections.
Best,
Darko