Business APIs are using the following concepts :
- Identity: The user that can connect to APIs
- Account: an Object identifying the paying entities, identified by its customerId
Between Identies and Accounts, some roles are defined. Those roles enable some capabilities. Thus, all calls to APIs checked againsts security checks to know whether a call can be performed or not.