Authenticate
We use the standard OAuth 2.0 authentication protocol with client credentials. If you are not familiar with how this works we will try our best to guide you through getting started with our API Hub.
Get started
In order to use any of NTB's APIs you need to first and foremost retrieve an access_token
We will go through how to request an access token with Curl, but you may substitute Curl with any other HTTP client depending on what programming language or framework you are using.
The following Curl command will give you an access token. Remember to replace the <YOUR_CLIENT_ID>
and <YOUR_CLIENT_SECRET>
with your credentials.
curl --request POST \
--url 'https://login.sdl.no/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=<YOUR_CLIENT_ID> \
--data client_secret=<YOUR_CLIENT_SECRET> \
--data audience=https://api.ntb.no
If all the credentials are correct, you will receive an HTTP 200 response with a payload containing access_token
,token_type
, and expires_in
values:
{
"access_token":"eyJz93a...k4laUWw",
"token_type":"Bearer",
"expires_in":86400
}
Using the value from the access_token
value as a Bearer token in the Authentication
header you can now call any of the APIs in the API Hub.
With Curl, such a request would typically look like this:
curl --request GET \
--url https://api.ntb.no/demo/entities/123456 \
--header 'Authorization: Bearer <ACCESS_TOKEN>' \
--header 'Content-Type: application/json'
Note: The Content-Type
being set to application/json
is important.
Caching the access token
There is a limit of access tokens you can request within a given timeframe. For this reason we recommend that you cache the access token for the entirety of it's lifetime. The token lifetime is defined by the expires_in
value. This value is the token's time to live (TTL) in seconds since it was created.
Recommended tools
Authentication libraries
Behind the scenes NTB's API Hub authentication is powered by Auth0. You can use any of Auth0's libraries to authenticate with our API.
Client libraries
Because all our APIs have an OpenAPI definition you can use any Swagger or OpenAPI generator of your choice to generate client libraries. We recommend using OpenAPI Generator.
Testing tools
We recommend testing the APIs with Postman. To make your life easier, you can even import an API's OpenAPI yaml file into Postman. These can be downloaded from each APIs documentation page.