Skip to main content

Authorities

DVS uses authorities to control which endpoints your access token can use. Authorities are bound server-side to your client_id at onboarding — they are not embedded in the token itself (the token is opaque) and they are not requested via OAuth scopes. On every API call, DVS looks up the authorities granted to your client_id and enforces them against the requested operation.

Authority catalog

AuthorityGrants access to
dvs:classification:createPOST /v1/classification-requests
dvs:classification:readGET /v1/classification-requests/{id}
dvs:validation:createPOST /v1/provider-validation-requests, GET /v1/document-types
dvs:validation:readGET /v1/validation-requests/{id}
dvs:provider:readGET /v1/provider-document-type-access (read your own access matrix)
dvs:webhook:readGET /v1/webhook-endpoints (list your registered webhooks)

Typical bundles by use case

OSIGU configures one of these bundles on your client_id based on your integration agreement. To request a different bundle, contact support@osigu.com.

Classification only

dvs:classification:create dvs:classification:read

Validation only

dvs:validation:create dvs:validation:read

Classification + auto-validate

dvs:classification:create dvs:classification:read dvs:validation:read (to poll the chained validation)

Full integration (both APIs + self-service reads)

All of the above

Admin-only authorities

The following authorities are never granted to providers — they're for internal OSIGU operations:

  • dvs:classification:admin
  • dvs:validation:admin
  • dvs:provider:admin
  • dvs:webhook:admin

If you need an action covered by an admin authority (e.g., rotating your webhook secret), contact support@osigu.com.

When you'll see 403

403 071-403

Your client_id doesn't have the required authority configured on the OSIGU side. Contact support@osigu.com to request it — the scope field in the OAuth token response is coarse (read write) and does not control DVS authorities.

403 071-403-document-type-not-allowed

The token authority check passed, but you don't have access to the specific (document_type, country_code, agreement_code) combination requested. Use GET /v1/document-types to list what you can validate.

403 071-403-tenant-mismatch

You're trying to read or retry a request that doesn't belong to your tenant. This is a hard boundary — you can never access another provider's requests.