Context and background
Target audience
Analysts and developers of integrators who want to call a secured Informatie Vlaanderen API and need to know how to authorize.
Goals
- Help you decide the most suitable method to connect to the Informatie Vlaanderen REST APIs
- Provide a step-by-step explanation of to get authorization to use the secured Informatie Vlaanderen REST APIs with your chosen method.
Terminology
Term | Definition |
---|---|
Resource Owner | The entity that can grant access to a protected resource. Typically, this is the end-user. |
Client | An application requesting access to a protected resource on behalf of the Resource Owner. |
Resource Server | The server hosting the protected resources. These are typically the secured Informatie Vlaanderen REST APIs. |
Authorization Server | The server that authenticates the Resource Owner and issues Access Tokens after getting proper authorization. In this case this is the Informatie Vlaanderen Authorization Server (oauth.vlaanderen.be) |
Access Token | A credential that can be used by an application to access an API. |
Refresh Token | A long-lived token that is used to obtain a new Access Token after a previous one has expired. |
JSON Web Key | A JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This will be used to establish asynchronous authentication. |
How to obtain your oauth Client from Informatie Vlaanderen?
Register your Client with Informatie Vlaanderen by sending an e-mail with the following information (preferrably in Dutch) to informatie.vlaanderen@vlaanderen.be.
- A descriptive name of your client. It helps Informatie Vlaanderen to identify your integration.
Example: Telco-GIPODplatform - A short description of the business use.
Examples:- Nachtelijke synchronisatie van GIPOD-innames.
- Voor de integratie van KLIP-planaanvragen.
- The username(s) (at least one) of the client administrators.
If you don’t have a user account yet, you can register at https://beta.oauth.vlaanderen.be - The list of scopes your client needs to access the API (consult the documentation of the API).
- Your integration scenario:
- Client Credentials Grant
- Authorization Code Grant
- Authorization Code Grant for web (+ include one or more redirection URLs of your web application)
Our helpdesk will set up the requested oauth client and send an e-mail containing a link to a page to manage his registered client(s).
Next step: find the most suitable way to connect.
Add Comment