The Authorization API allows the application to make authorization decisions for the core. That is, the core asks the application to decide if a given authorization request should be allowed or denied. An Authorization request listener must be created to use the TCP Tunnelling feature.

The application has access to details from the authorization request through attributes. The connection on which the authorization request takes place is also available for the application, making it possible to retrieve details about the remote peer as input in the authorization decision process.

An Authorization request is requesting access to one of the following actions:

TcpTunnel:ListServices  CoAP request to list services
TcpTunnel:GetService    CoAP request to get information for a specific service
TcpTunnel:Connect       CoAP request to test access permissions, or new stream opened on a tunnel

The Authorization requests TcpTunnel:GetService and TcpTunnel:Connect actions contains the following attributes:

TcpTunnel:ServiceId    The id of the service.
TcpTunnel:ServiceType  The type of the service.