POST - registrationPost


Client Registration request


[From RFC7591] This operation registers a client with the authorization server. Theauthorization server assigns this client a unique client identifier, optionally assigns a client secret, and associates the metadata provided in the request with the issued client identifier. The request includes any client metadata parameters being specified for the client during the registration. The authorization server MAY provision default values for any items omitted in the client metadata. To register, the client or developer sends an HTTP POST to the client registration endpoint with a content type of "application/json". The HTTP Entity Payload is a JSON [RFC7159] document consisting of a JSON object and all requested client metadata values as top-level members of that JSON object.


  • manageRegistration


access (required)
Registration data submitted by a given client.
Digest (required)
Digest of the body
Signature (required)
http-signature of the request (cf. https://datatracker.ietf.org/doc/draft-cavage-http-signatures/) The keyId must specify the way to get the relevant qualified certificate. It is requested that this identifier is - either an URL aiming to provide the relevant Qualified Certificate. - or the kid parameter retrieved through the certificate registration during a previous OAUTH2 Technical Setup
X-Request-ID (required)
Correlation header to be set in a request and retrieved in the relevant response

Return codes

201 Created
400 Invalid status value
401 Unauthorized, authentication failure.
403 Forbidden, authentication successful but access to resource is not allowed.
405 Method Not Allowed.
406 Not Acceptable.
408 Request Timeout.
429 Too many requests.
500 Internal server error.
501 Not Implemented. This code should be used when the entry point is implemented but cannot provide a result, given the context. When the entry point is not implemented at all, HTTP400 will be returned.
503 Service unavailable.



Available authentification

OAuth 2.0