Offer Registration Service

Service 2 Service Authentication

Add - new API path:

The "service 2 service" feature has been introduced in this version of the Offer Registration Service. From now on, the Offer Registration Service is only able to validate service tokens (client/operator tokens are no longer validated). The validation of all kinds of client/operator tokens now happens in the API gateway, therefore the new API path has been introduced (/api/basket-offer-registration) and must be used by all clients (Basket Authorization and Authentication).

Add - new base roles:

A new set of base roles has been introduced for the Offer Registration Service. Every client calling the Offer Registration Service needs the required base role for the called endpoint either in its service token or passport (if it is the first service in the call chain). The new base roles start with "b:basket.oreg".

Remove - "tenantId" as a variable in the base path (url):

Resolving the "tenantId" out of the request URL of an incoming request has been removed by changing the security lib (AppKit to cloud platform). The tenantId must be provided by the caller via an http header (GK-Tenant-Id) or in the passport.

Section in the API Guideline: Using tenantId as a variable in the base path does not work well with the API gateway. Therefore, new service APIs must not use tenantId as a path. The tenantId must be taken from JWT (transformed by the API gateway into GK Passport) or the GK-Tenant-Id header.