Configuring Pre-Authentication Rules heading-link-icon

As described in Registration Approval, you can specify that certain changes to the member’s context must be manually approved (or declined), even if a pre-auth token A type of programmable digital asset that can represent value and be traded. Tokens can be fungible or non-fungible. was submitted. This section describes how to manage pre-auth registration rules using the Corda REST API.

To add an approval rule for registrations containing a valid pre-auth token, use the mgm/{holdingidentityshorthash}/approval/rules/preauth POST method of the REST API.

For example, to specify that all requests that contain a valid pre-auth token, with changes to the endpoint information in the member Corda identity that has been granted admission to a membership group. Synonym for a virtual node or group member. context must be manually approved:

RULE_PARAMS='{"ruleParams":{"ruleRegex": "^corda.endpoints.*$", "ruleLabel": "Any change to P2P endpoints requires manual review."}}'
curl -k -u $REST_API_USER:$REST_API_PASSWORD -d $RULE_PARAMS $REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/preauth
Invoke-RestMethod -SkipCertificateCheck -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Method Post -Uri "$REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/preauth" -Body (ConvertTo-Json  @{
    ruleRegex = "^corda.endpoints.*$",
    ruleLabel = "Any change to P2P endpoints requires manual review."
    }
})

To retrieve all created pre-auth approval rules, use the mgm/{holdingidentityshorthash}/approval/rules/preauth GET method.

curl -k -u $REST_API_USER:$REST_API_PASSWORD $REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/preauth
Invoke-RestMethod -SkipCertificateCheck -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$REST_API_USER:$REST_API_PASSWORD $REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/preauth"

This method returns the rules in the following format:

{
  "ruleId": "string",
  "ruleLabel": "string",
  "ruleRegex": "string"
}

To delete a pre-auth approval rule, pass the ID of the rule to the mgm/{holdingidentityshorthash}/approval/rules/preauth/{ruleid} DELETE method. You can retrieve the ID of a rule from the response of creating the rule, or from the response of the GET method described in Viewing Current Pre-Auth Approval Rules.

curl -k -u $REST_API_USER:$REST_API_PASSWORD -X DELETE $REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/<RULE_ID>
Invoke-RestMethod -SkipCertificateCheck -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Method Delete -Uri "$REST_API_URL/mgm/$MGM_HOLDING_ID/approval/rules/<RULE_ID>"

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.