Authentication & Authorization
Gaining Access
We are mainly granting access to partners right now but if you are interested in using our data then feel free to contact us. See contact information on the main site.
Restrictions
All endpoints have defined access requirements. When requesting an access token you will also specify a scope. For all standard data points the only available scope is client (this is automatically granted by default). This scope gives you access to the endpoints that we have defined for you (these are the endpoints you see in the Explorer). If you are planning on consuming only non-user-related data then this is the only scope you will need, and you can access it by using the Client credentials grant.
For user data endpoints you will need to request authorization from the user for more scopes by using the Authorization Code Grant.
The current user scopes are:
user.reviews.write
user.social.read
user.social.write
user.lists.read
user.lists.write
user.alerts.read
user.alerts.write
You can specify multiple scopes by separating them with commas: “scope1,scope2”.
OAuth
Getting an access token
Client credentials grant
POST: https://api.site.tld/auth/token
(x-www-form-urlencoded data):
grant_type: client_credentials
client_id: CLIENT_ID
client_secret: CLIENT_SECRET
scope: client
A successful response will look like this:
access_token: a generated hash (string)
token_type: 'bearer' (string)
expires: timestamp (integer)
expires_in: seconds until expire (integer)
External credentials grant
POST: https://api.site.tld/auth/token
(x-www-form-urlencoded data):
grant_type: external
client_id: CLIENT_ID
client_secret: CLIENT_SECRET
id: EXTERNAL_SERVICE_USER_ID
service: EXTERNAL_SERVICE_NAME
The token from the external service must also be included. When the external service follows OAuth2 it looks as follows:
token: TOKEN_STRING
When the external service uses OAuth1 the token should have the following format:
token[identifier]: TOKEN_IDENTIFIER
token[secret]: TOKEN_SECRET
The response has the same format as for the Client credentials grant.
Authorization Code Grant
GET: https://api.site.tld/auth?client_id=CLIENT_ID&redirect_uri=REDIR_URI&response_type=code&scope=SCOPES&state=STATE
The response URL will contain error on failure, or code and refresh on success.
If the authorization was successful you can now request an access token with the auth code you got:
POST: https://api.prisjakt.nu/v1/auth/token
(x-www-form-urlencoded data):
grant_type: authorization_code
client_id: CLIENT_ID
client_secret: CLIENT_SECRET
redirect_uri: REDIR_URI
code: AUTH_CODE
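The client side of the Authorization Code Grant above, as an added example (not code from this API's provider): it builds the authorization URL with a fresh random state and refuses any callback whose state does not match before looking at error or code. It assumes the parameters come back in the query string of the redirect and that state is echoed unchanged; the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://api.site.tld/auth"  # authorization endpoint as written on this page
USER_SCOPES = {  # the user scopes listed on this page
    "user.reviews.write", "user.social.read", "user.social.write",
    "user.lists.read", "user.lists.write", "user.alerts.read", "user.alerts.write",
}


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's session before redirecting."""
    unknown = set(scopes) - USER_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable, fresh for every attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": ",".join(scopes),  # this API separates scopes with commas
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to the client; return (code, refresh)."""
    # Assumption: parameters arrive in the query string and state is echoed back.
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    # Check state before anything else, in constant time, so a callback that
    # was not started by this session is rejected whatever else it carries.
    returned = params.get("state", "")
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise RuntimeError(f"authorization failed: {params['error']}")
    if "code" not in params:
        raise ValueError("callback carries neither error nor code")
    return params["code"], params.get("refresh")
```

Request only the scopes the feature needs; the returned code then goes into the authorization_code POST shown above together with the same redirect_uri.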
Refresh Token
POST: https://api.prisjakt.nu/v1/auth/token
(x-www-form-urlencoded data):
grant_type: refresh_token
client_id: CLIENT_ID
client_secret: CLIENT_SECRET
refresh_token: REFRESH_TOKEN