Skip Navigation

Overview of Authentication, Authorization, and Registration

The following chart shows the components in a Red App that require authentication, authorization, and registration with SRWRuntime.


Requires authentication?

Requires authorization?

Requires registration?

A Red App uses services that are registered by Sabre data stores or other Red Apps




A Red App registers its own services




A Red App registers its own event listeners for events that Sabre and other Red Apps publish




A Red App publishes its own events


Registration handles authorization.



Red Apps are required to authenticate in order to consume synchronous services and to publish events.

Authentication is based on two values:

  • A RequestorId. This is the same as the Red App ID. Sabre assigns a unique Red App ID to every Red App.

  • A randomly-generated token using a Sabre Red 360 OSGi service in your Java code

When a Red App uses a service or publishes an event, it sets the `RequestorId`and token on the service context for authentication purposes.

The classes to use for authentication follow:

  • If your Red App does NOT contribute to the UI, your Activator must extend AbstractEdgeBaseNonUIPlugin .

  • If your Red App contributes to the UI, your Activator must extend AbstractEdgeBasePlugin .

  • Use the getServiceReference() method to get a reference to the token.

  • Invoke the process() method on an instance of SRWRuntime to use a communications service.


Red Apps that use SRWRuntime synchronous services are required to request authorization.

Authorization is also based on a RequestorId. Again, this is the same as your unique Red App ID. The Red App ID is included in the id attribute of the RedApp entity in redapp.xml.

Authorization is as simple as adding an Authorization entry to the redapp.xml configuration file. The Authorization entry must also include the name and threshold attributes for the service. Transactions per second is the default, however, you can specify transactions per minute by adding a metric attribute. If a Red App publishes events, authorization is handled when the event is registered in redapp.xml.

The following diagram illustrates the flow of authentication with SRWRuntime and a request for authorization to use a service that is registered with the Bus.




A Red App registers its own services, EventListeners, and Event  IDs for publishing events by declaring them in a redapp.xml file.