Getting access to data through data source
In order to connect your service to a data source (API), the service needs to be using OIDC for integrating with Feide.
With data sharing in Feide, services can easily get additional data that is not available in the user directories of the host organizations. It enables sharing data from a data source (API) with services in a secure manner, using the existing access control and authentication mechanisms in Feide for clients and end users.
Data owners such as host organizations, or data providers such as other service providers, can make their data available by creating data sources in Feide. Instead of users registering the same information in multiple services, based on exporting datasets, or setting up expensive integrations for every host organization uses a service, the data can be shared through the data sharing functionality in Feide.
If your service needs additional data to implement some new functionality you can get information through a data source available in Feide. Lists of available data sources can be found in the Customer Portal or in Dataporten Dashboard. Read more about existing data sources.
Requesting access to data source
You can only request access to data sources that are registered in the Feide Customer Portal.
Other data sources are available in Dataporten Dashboard. Requesting access to data source in Dataporten Dashboard is done using Dataporten Dashboard. See **how to request access to data source in the Dataporten Dashboard**
When editing your service go to the Data source tab and click Connect to data source.
Here you will find a list of available data sources. Use the search field if the data source you are looking for is not visible.
Any data source marked as internal by the data provider will not be shown. It may be that the source is meant for use by the owning organization only, or it might not be ready for production use yet.
When you have found the data source you want to connect with, click on the name of the data source.
Here you get more information about the data source, such as what organization provides it, description, the various information available (under the Access level tab), and link to technical documentation. We recommend reading the technical documentation shown before requesting access to the data source.
To request access to the data source click on Connect data source to service in the right corner of the data source.
In the drop-down menu you select the service you want to access the data source with. Only services integrated using the OIDC protocol are listed since SAML protocol doesn’t support the use of Feide data sources.
Then select the access level with the information the service needs. Before selecting the access level think about what information the service needs to know about the user and organization. Avoid requesting access to more information than the service needs. For example, some services only need to know that the user is a student, while others need to know the subjects and the grade of the students. If you find out later that the service needs more information, you can request additional access levels at that time.
When selecting the access level click on Connect to request connecting to the data source.
Getting access to a data source
The access is either granted instantly or upon request. This depends on which authorization mode has been set by the data owner.
The two different scenarios are illustrated below.
If you have requested an access level using the Free access mode, your service is granted access at once.
If you have requested an access level using approval mode, you need to wait for the data provider to approve the access for the service. Is up to the data owner, and not the data provider, whether or not they want to approve or deny some or all access levels that the service provider has requested. You will be notified by email when the request is granted or denied.
It may take some time for the data provider to handle the request if the data provider is not also the data owner. The data provider needs the permission of the data owner to grant services access to the data. For now, this needs to be handled outside the Customer Portal. The data owner may also have to conduct a new risk assessment of your service and update their Data Processing Agreement if the service gets additional information.
The data owner may contact you as a service provider if they are unsure about how the service will be using and storing the data before approving the access. This communication is done outside of the Customer Portal for example through email.
Accessing data from a data source
When you have been granted access to the data source, the service needs to access the data. This is done by JWT-token exchange
Requesting access to data source in Dataporten Dashboard
Services can request access to data sources either in Dataporten Dashboard or in the Customer Portal. Data sources that are registered in Dataporten Dashboard must be requested from Dataporten Dashboard.
If you are registered as an administrator in the Customer Portal, you will be able to login to Dataporten Dashboard using the same credentials. All new data sources can be registered and managed in the Feide Customer Portal. Dataporten Dashboard should only be used for data sources that are already registered in Dataporten Dashboard or sources with multiple data owners that the data provider doesn’t want to register as multiple data sources in the Customer Portal. If you can’t find the data source in Dataporten Dashboard, see Feide Customer Portal
Available data sources (API) in Dataporten Dashboard are listed in the 3rd party APIs tab on an service.
All services are listed under Application under your organization. OIDC services that are registered in the Feide Customer Portal get synchronized to Dataporten Dashboard, so you don’t need to register a new service to create or use data sources (APIs).
Data sources that are created by your organization are visible in the My APIs tab, while all others will be available in the 3rd party API tab. Read more about existing data sources
Search for the data source you want the service to connect to, and check the corresponding access box.
Then click on “request access” or “Add access”.
Some APIs may be made available instantly without moderation, while others may require moderation by either the API owner or each of the organizations providing the data.
When you have been granted access to the data source the service needs to access the data. This is done by using doc:JWT-token exchange </data_sharing/jwt_token_exchange> or the legacy API gatekeeper