We are excited to announce the release of versions 1.3 & 1.4 of the Nucleus API, as part of Hydrogen’s Atom offering. Check the details below to find out what’s new!
Data Access Controls
The Nucleus 1.3 & 1.4 version releases introduce Data Access Controls into Atom APIs. These controls bring an added layer of security on top of the sensitive data held within Nucleus.
The new Data Access Controls consist of 3 major components:
1. Support of the Resource Owner Password Credentials grant type
- In this grant type, a user’s login credentials (username/password) are used for authorization. This allows applications to define what actions users can take within the application.
2. Ability to assign Authorities to each user, which determine the endpoints they can access application-wide and the data they are able to view. The new Authorities available are:
- Super Admin
- Portfolio Manager
- Marketing Manager
- Operations Agent
- Support Agent
3. Additional account-level security through Permission Types, which are assigned to Authorities that are either Client or Advisor. These control the actions the user can take on the account and the account-specific data the user can view. The new Permission Types available at the account level are:
- Inquiry Access
- Limited Authority
- Full Authority
- Power of Attorney
It is important to note that the added controls for each Authority and Permission Type do not change the request and response containers of the endpoints. The primary change needed to utilize these data access controls is to switch the Authorization flow from the Client Credentials grant type to the Resource Owner Password Credentials grant type.
When Data Access Controls are not activated, any user can access all endpoints and all data records, regardless of any Authority or Permission Type that may be set. When Data Access Controls are activated, a user’s Authority and Permission Type need to be defined to restrict which endpoints they can access, and which data records they can view.
For more detailed information regarding Authorities and Permission Types please refer to the following documentation link: