Authorization Header.

When required, each request must have an Authorization header with the following information:

    Header Name: Authorization
    Header Value: CWSAuth service=<ServiceKey>, bearer=<BearerToken>

Access Control.

The identities (user and/or service) contained in the authorization header must be associated with (at least) an access policy that matches the permissions and scopes required by the target endpoint.

An access policy is a combination of a set of permissions and a set of scopes:

    Permissions: ["CC:[AccessScope]:[Service]:[PermissionName]"]
    Scopes: ["CC:[CustomerScope]:[Service]:[Instance]:[ScopeName]"]