Authorization Server

For customers (participating companies and insurtechs) to take part in Open Insurance Brazil, they need to communicate with each other directly, transmitting end-user data on the basis of the user's express consent and sharing information about the consent itself.

The Authorization Server is responsible for ensuring that transactions which take place within the scope of Open Insurance are authorized and follow all security requirements. It follows all regulations required by Open Insurance - implementing OAuth 2.0, OpenID Connect and FAPI-RW rules.

How It Works

The Authorization Server acts on two ends. On one end, it is responsible for authorizing customer registration at Sensedia, for the consent process, and for generating and revoking access tokens. On the other end, it validates the authentication and the authorization scope whenever the resources of the Open Insurance business APIs are accessed. For this, dedicated Open Insurance interceptors perform the necessary validations by calling the Authorization Server internally.

How does the authorization flow work?

The participating companies in Open Insurance need to communicate directly to exchange data. When this conversation happens over APIs deployed on the Sensedia API Platform, the companies must be registered as clients, and we provide the server that creates and validates the client access tokens. Each client is a company that has its own users (the data owners). The users' data is kept in the customers' databases; this data is never manipulated by Sensedia.

[Figure: Open Insurance Authorization Server diagram]
The Authorization Server is the authorization bridge that enables the exchange of data between participating companies. User information is never manipulated or maintained by Sensedia.
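As an added illustration of the resource-side check the interceptors perform (example code written for this page, not Sensedia's implementation), the function below decides whether an access token may reach a business API resource. It assumes the interceptor has already asked the Authorization Server for an RFC 7662 introspection response, and it assumes a hypothetical convention in which the consent is bound to the token as a scope of the form consent:<id>; the sample response, audience and consent id are constructed.

```python
import time

# Constructed sample of an RFC 7662 introspection response, as an interceptor might
# receive it from the Authorization Server (field values are made up for this example).
SAMPLE_INTROSPECTION = {
    "active": True,
    "client_id": "insurer-b",
    "scope": "openid customers consent:urn:example:consent:123",
    "exp": int(time.time()) + 300,
    "aud": "https://api.example.test/open-insurance",
}

# Audience the resource API expects (constructed value).
REQUIRED_AUD = "https://api.example.test/open-insurance"


def authorize_request(introspection, required_scope, consent_id, now=None):
    """Resource-side authorization check.

    Returns (allowed, reason). Every failing condition is a reason to refuse the
    request before any end-user data is read from the data holder's database.
    """
    now = time.time() if now is None else now
    # A revoked token comes back as active=false from the Authorization Server.
    if not introspection.get("active"):
        return False, "token inactive or revoked"
    if introspection.get("exp", 0) <= now:
        return False, "token expired"
    # Reject tokens issued for a different API deployment.
    if introspection.get("aud") != REQUIRED_AUD:
        return False, "wrong audience"
    granted = set(introspection.get("scope", "").split())
    if required_scope not in granted:
        return False, f"missing scope {required_scope}"
    # Hypothetical convention: the consent is bound to the token as 'consent:<id>',
    # so a token granted under one consent cannot be replayed against another.
    if f"consent:{consent_id}" not in granted:
        return False, "token not bound to this consent"
    return True, "ok"
```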
