Grant access to envelope
POST/envelope/acl
Grants a target client access to this envelope.
For confidential clients, a direct client grant is created. For public clients without a subId, a ticket-based grant is created if the target client has a ticket template configured. The grant type determines how the target client attaches to the envelope in future sessions.
Note that clients need to be configured before they can be granted access through ACLs, either with template URLs for ticket-based methods, or with key-exchange methods for direct grants. This endpoint will reject grant requests that cannot be fulfilled based on the target client's configuration.
Speak to DataWollet support if you need to set up client configurations or have questions about options for sharing data between different organisations, M2M clients, or user-centric applications - all of these use cases are supported through the envelope mechanisms but require different approaches to client configuration and ACL management.
Request
Responses
- 200
- 403
- 404
- 409
- 412
- 422
Access granted
Authentication failed, session key invalid, envelope inactive, encryption key unavailable, or no ACL entry for caller
Target client ID or alias not found in the client registry
ACL entry already exists for this client, or envelope was modified concurrently — retry the request
Session is not attached to an envelope
Invalid grant configuration — subId cannot be set for confidential clients, public client has no ticket template and no subId, or grant type not yet supported (client/sub grants require key exchange configuration)