Getting started
Context and background
Target audience
Analysts and developers of integrators who want to call a secured Digitaal Vlaanderen API and need to know how to authorize.
Goals
- Help you decide the most suitable method to connect to the Digitaal Vlaanderen REST APIs
- Provide a step-by-step explanation of how to get authorization to use the secured Digitaal Vlaanderen REST APIs with your chosen method.
Terminology
| Term | Definition |
|---|---|
| Resource Owner | The entity that can grant access to a protected resource. Typically, this is the end-user. |
| Client | An application requesting access to a protected resource on behalf of the Resource Owner. |
| Resource Server | The server hosting the protected resources. These are typically the secured Digitaal Vlaanderen REST APIs. |
| Authorization Server | The server that authenticates the Resource Owner and issues Access Tokens after getting proper authorization. In this case this is the Digitaal Vlaanderen Authorization Server (authenticatie.vlaanderen.be) |
| Access Token | A credential that can be used by an application to access an API. |
| Refresh Token | A long-lived token that is used to obtain a new Access Token after a previous one has expired. |
| JSON Web Key | A JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This will be used to establish asynchronous authentication. |
How to obtain your oauth Client from Digitaal Vlaanderen?
You can obtain access to the GIPOD API trough the self-service portal "Beheerderportaal". There are two environments:
- Beheerderportaal T&I, connected to the GIPOD beta environment
- Beheerderportaal production, connected tot the GIPOD production environment