Skip to content

Maskinporten

Maskinporten is a service provided by DigDir that allows API providers to securely enforce server-to-server authorization of their exposed APIs using OAuth 2.0 JWT grants.

The NAIS platform provides support for declarative registration of Maskinporten resources. These cover two distinct use cases:

For API Consumers

A client allows your application to integrate with Maskinporten to acquire access tokens. These tokens authenticate your application when consuming external APIs whom require Maskinporten tokens.

graph LR
  Consumer["API Consumer"] --1. request token---> Maskinporten
  Maskinporten --2. issue token---> Consumer
  Consumer --3. use token---> API["External API"]

Get started with a Maskinporten Client

For API Providers

A scope represents a permission that a given consumer has access to. In Maskinporten, you can define scopes and grant other organizations access to these scopes.

graph LR
    Provider["API Provider"] --define scope---> Maskinporten

When a consumer requests a token for a given scope, Maskinporten will enforce authorization checks and only issue a token if the consumer has access to the scope.

graph LR
    Consumer["External Consumer"] --1. request token---> Maskinporten
    Maskinporten --2. issue token---> Consumer
    Consumer --3. use token---> Provider["API Provider"]

Get started with Maskinporten Scopes