Authentication and authorization

Authentication

To access the API services for person information, the client needs to authenticate using HelseID at the highest level. The client needs to use an enterprise certificate to get a valid token from HelseID. After authenticating, the client needs to present a valid token issued by HelseID along with the request. Details regarding this process are described here (in Norwegian). For more information regarding HelseID, see: https://www.nhn.no/helseid/.

Authorization

Authorization will be done after identity has been confirmed through authentication. Access to information elements will be given to clients that need access to perform their job. Authorization rules will be maintained on the platform exposing the Person information services.