Furthermore the service must retrieve the authenticated users role and object ownership and respect their respective value when returning collections and elements and acting on HTTP methods. If a client tries to get, modify or delete an element for which it is not authorized, the services will response with a <code>403</code> (Forbidden) HTTP [[#Error_codes_and_responses|error code]] and includes a descriptive authorization validation message within the JSON error object.
To solely authentication a person, use the resource described under [[stoney core: Authentications Resource - REST API]].
=== Data interchange format ===