Open SandGrainOne opened 6 months ago
Yes, we need to know both the client (i.e. internal service issuing the call as part of a bundeled service) and the actual service owner (the on-behalf-of part).
@olebhansen : add contents from discussion on what stats to provide and if this can be extracted from existing API usage info.
Can be extracted from the Maskinporten-token (it will have claims set, that can be used for this purpose). Need to understand the process and if some explicit delegation is needed and/or if that will result in a too-convoluted process.
Description
There is a need for an "on behalf of" dimension to notification orders. The best example would be when "correspondence" includes the need for a notification. The application owner would order the creation of a correspondence using the correspondence API which in turn would send a request to notification. In order to track the notification back to the correct application owner we would need this as input from the corresponence application.
Additional Information
Separate specialiced endpoint with an admin scope that internal systems can use to order notifications on behalf of their users.
Refinement notes