Most API:s require the requests to include an OAuth 2 bearer token also known as an access token.
Fetch access token
An access token can be fetch with a HTTP POST request to https://skolid.se/connect/token with the following form values:
- grant_type = client_credentials
- client_id = client id received from IST
- client_secret = client secret received from IST
- (OPTIONAL) scope = the scopes/apis that should be included in the access token. Leave empty to include all scopes allowed for the client.
Example CURL:
curl --location --request POST 'https://skolid.se/connect/token' \ --form 'grant_type=client_credentials' \ --form 'client_id=<INSERT CLIENT ID>' \ --form 'client_secret=<INSERT CLIENT SECRET>'
Example Response:
{ "access_token": "ACCESS_TOKEN", "expires_in": 3600, "token_type": "Bearer", "scope": "skolid.profile" }
Basic Auth can also be used for sending the client id and the client secret in the token request.
NOTE that the access token is only valid for a limited amount of time, usually an hour.
Use access token
An access token is usually included as a bearer token in the requests towards the respective API:s. This is done by using the Authorization HTTP header with the value Bearer <INSERT ACCESS TOKEN>.
Example CURL:
curl --location --request GET 'https://api.ist.com/example' \
--header 'Authorization: Bearer <ACCESS TOKEN>'
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now