Other services will need to create notifications on behalf of an application owner

SandGrainOne commented 6 months ago

Description

There is a need for an "on behalf of" dimension to notification orders. The best example would be when "correspondence" includes the need for a notification. The application owner would order the creation of a correspondence using the correspondence API which in turn would send a request to notification. In order to track the notification back to the correct application owner we would need this as input from the corresponence application.

Additional Information

Separate specialiced endpoint with an admin scope that internal systems can use to order notifications on behalf of their users.

Refinement notes

We need to know what Notifications should keep track of and what Correspondence will keep track of.
- Do we (Notifications) need to know both that the order was placed by system and who it was for: Correspondence for SSB.

olebhansen commented 2 months ago

Yes, we need to know both the client (i.e. internal service issuing the call as part of a bundeled service) and the actual service owner (the on-behalf-of part).

olebhansen commented 1 month ago

~~@olebhansen : add contents from discussion on what stats to provide and if this can be extracted from existing API usage info.~~ Can be extracted from the Maskinporten-token (it will have claims set, that can be used for this purpose). Need to understand the process and if some explicit delegation is needed and/or if that will result in a too-convoluted process.

Altinn / altinn-notifications