PPK and OAuth security keys explained

There are two security mechanisms for using the web services. You can use either or both of these.

Public/private key

So we can identify who is using the web services for what, an application key is issued to each organisation. The key is used in conjunction with a secret (a bit like a password) to sign each URL.

You can request a key.

OAuth access

OAuth is the open standard for authorisation.

esd has a sign-in mechanism which uses OAuth so any developer can implement sign-in in the same way as LG Inform and LG Inform Plus. If your application uses OAuth sign-in, you can give signed-in users access (via the web services) to data personal to them and non-public data that their organisation might be permitted to use.

To prevent security issues when handling redirects from the OAuth process, please don't allow redirection to other domains that you do not control.