Authorizing API requests.
As described in API Authentication, associated with an API Key that is issued to a client application is a set of roles that is used to authorize requests. The following table describes the roles (authorities) that are required to be provisioned to the client application in order to access the relevant OntoPop API collection (if OntoPop's native API authentication mechanism is enabled, otherwise all the following roles are automatically granted).
If the client application has provided a valid API Key but does not have the relevant privileges to access the requested API, then a
HTTP 403 Forbiddenresponse status will be returned to the client application.