Page tree
Skip to end of metadata
Go to start of metadata

The API running on https://www.barentswatch.no/api/ is now deprecated. The exact date of removal will be announced in advance.


Authentication (now deprecated)

For resources that do not require user authentication, application authentication is required: More about application authentication.

Authentication protocol is OAuth 2.0.

Resource Owner Password Credentials flow

The user must supply a username and a password to an external client that will authenticate with the server. The server then returns a token that must be used in successive calls to the API.

Token generation:

  • Use an URL-encoded HTTP POST
  • Url must be '../api/token', ex: www.barentswatch.no/api/token
  • Header-parameter 'content-type' must be 'application/x-www-form-urlencoded'
  • Parameter 'grant_type' must be 'password'
  • Parameter 'username' (portal user) must be provided
  • Parameter 'password' must be provided
  • The response looks something like this:
    • {
          "access_token": "<long_token_string_here>",
          "token_type": "bearer",
          "expires_in": 43199
      }
  • You will receive a token ('access_token') when valid credentials has been supplied 
  • The token is valid for 12 hours ( 'expires_in' in the response is remaining seconds)
    • Just request a new token when the old one expires 

Client Credentials flow

The client must supply an id and a secret to authenticate with the server. The server then returns a token that must be used in successive calls to the API.

Token generation:

  • Use an URL-encoded HTTPS POST
  • URL must be '../api/token', ex: www.barentswatch.no/api/token
  • Header-parameter 'content-type' must be 'application/x-www-form-urlencoded'
  • Parameter 'grant_type' must be 'client_credentials'
  • Parameter 'client_id' (api user) must be provided
  • Parameter 'client_secret' must be provided
  • The response looks something like this:
    • {
         "access_token": "<long_token_string_here>",
         "token_type": "bearer",
         "expires_in": 604800
      }
  • You will receive a token ('access_token') when valid credentials has been supplied
  • The token is valid for 7 days ( 'expires_in' in the response is remaining seconds). This time interval is subject to change.
    • Just request a new token when the old one expires

How to make call the API:

  • The header-parameter 'Authorization' must be set to 'Bearer [token]' using the token returned by the authentication process.
    • Example: 

      • Authorization: Bearer 9f_TDcb_wUisotaVyLlsqmFq1-...-L1E1M9dWNp1QmF6puNYzxlX00UFBMsFOGLlG3pWNNx
  • Call the method using HTTPS and add other parameters as usual
  • No labels