API Hub

Authenticate

We use the standard OAuth 2.0 authentication protocol with client credentials. If you are not familiar with how this works we will try our best to guide you through getting started with our API Hub.

Get started

In order to use any of NTB's APIs you need to first and foremost retrieve an access_token

We will go through how to request an access token with Curl, but you may substitute Curl with any other HTTP client depending on what programming language or framework you are using.

The following Curl command will give you an access token. Remember to replace the <YOUR_CLIENT_ID> and <YOUR_CLIENT_SECRET> with your credentials.

curl --request POST \
  --url 'https://login.sdl.no/oauth/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=<YOUR_CLIENT_ID> \
  --data client_secret=<YOUR_CLIENT_SECRET> \
  --data audience=https://api.ntb.no

If all the credentials are correct, you will receive an HTTP 200 response with a payload containing access_token,token_type, and expires_in values:

{
  "access_token":"eyJz93a...k4laUWw",
  "token_type":"Bearer",
  "expires_in":86400
}

Using the value from the access_token value as a Bearer token in the Authentication header you can now call any of the APIs in the API Hub.

With Curl, such a request would typically look like this:

curl --request GET \ 
  --url https://api.ntb.no/demo/entities/123456 \
  --header 'Authorization: Bearer <ACCESS_TOKEN>' \
  --header 'Content-Type: application/json'

Note: The Content-Type being set to application/json is important.

Caching the access token

There is a limit of access tokens you can request within a given timeframe. For this reason we recommend that you cache the access token for the entirety of it's lifetime. The token lifetime is defined by the expires_in value. This value is the token's time to live (TTL) in seconds since it was created.

Recommended tools

Authentication libraries

Behind the scenes NTB's API Hub authentication is powered by Auth0. You can use any of Auth0's libraries to authenticate with our API.

Client libraries

Because all our APIs have an OpenAPI definition you can use any Swagger or OpenAPI generator of your choice to generate client libraries. We recommend using OpenAPI Generator.

Testing tools

We recommend testing the APIs with Postman. To make your life easier, you can even import an API's OpenAPI yaml file into Postman. These can be downloaded from each APIs documentation page.