Authorization
Authorization in our application is handled using OpenID Connect (OIDC). This section will guide you through the process of authorizing using the client credentials flow.
You can find important metadata about our OpenID Connect configuration at the .well-known endpoint: /.well-known/openid-configuration.
Note: The .well-known endpoint is subject to change during the beta phase.
How to Authorize with the API
Obtain an Authorization Token: To authorize with the API, you need to obtain an access token using the client credentials flow. Ensure you have the necessary client ID and client secret provided by our client application.
Here is an example of how to request a token:
POST selfurl/connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret&scope=Beheer
Replace your_client_id and your_client_secret with the appropriate values.
Include the Token in API Requests: After obtaining the token, include it in the Authorization header of your API requests. The token should be prefixed with Bearer. Here is an example:
GET selfurl/api/app/product?api-version=1.0
Authorization: Bearer your_access_token
Replace your_access_token with the token you received.
Token Refresh: Tokens are typically short-lived for security reasons. If your application requires long-term access, you will need to implement a mechanism to refresh the token. This usually involves requesting a new token using the client credentials flow again when the current token expires.
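The three steps above combined into one client, as an added example that is not part of the original documentation: it requests a token, caches it, requests a new one shortly before expiry, and builds the Authorization header. It assumes the token reply carries the standard OAuth 2.0 access_token and expires_in fields; selfurl is the page's placeholder, and the class name, the 30-second skew and the environment variable names are illustrative.

```python
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, form):
    """POST an application/x-www-form-urlencoded body and return the parsed JSON reply."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=body, method="POST")  # urllib sets the form Content-Type
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ClientCredentialsToken:
    """Caches a client-credentials access token and renews it shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret, scope="Beheer",
                 post=http_post_form, clock=time.monotonic, skew=30):
        if not token_url.lower().startswith("https://"):
            raise ValueError("token endpoint must use HTTPS: the client secret is sent in the body")
        self._url, self._post, self._clock, self._skew = token_url, post, clock, skew
        self._form = {"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope}
        self._token, self._expires_at = None, 0.0

    def get(self):
        """Return a valid access token, requesting a new one only when needed."""
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._post(self._url, self._form)
            if "access_token" not in reply:
                # Report only the error code; never echo the request (it holds the secret).
                raise RuntimeError("token request failed: %s" % reply.get("error", "unknown"))
            self._token = reply["access_token"]
            # expires_in is the standard OAuth 2.0 lifetime in seconds; assume 60 if absent.
            self._expires_at = self._clock() + float(reply.get("expires_in", 60))
        return self._token

    def auth_header(self):
        """Header dict to merge into every API request."""
        return {"Authorization": "Bearer " + self.get()}

# Usage (placeholder values; keep the secret out of source control):
#   tok = ClientCredentialsToken("https://selfurl/connect/token",
#                                os.environ["API_CLIENT_ID"], os.environ["API_CLIENT_SECRET"])
#   headers = tok.auth_header()
```

The post and clock parameters exist so the renewal logic can be exercised without a network call or a real wait.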