Introduction
During the transition there are 2 major work blocks: changing the authentication and switching to the renewed GIPOD API.
The renewed GIPOD API ( gipod.api.vlaanderen.be ) will work with both Geosecure and ACM authentication, but the existing GIPOD API ( private-api.gipod.vlaanderen.be ) will only work with Geosecure authentication.
Therefore we recommend switching to the renewed API & changing the authentication in one go.
TL;DR for CCG with JWK
Beta | Production |
|
|
Set up clients in ACM
The current Geosecure clients are being phased out.
While various integration scenarios are possible in Geosecure, only Client Credential Grant Clients with a JWK are accepted in ACM.
Digital Flanders prepares the transition from Geosecure clients to ACM clients as much as possible. How far this goes depends on the current integration setup:
Client Credential Grant-Client (with JWK) at Geosecure => Digital Flanders creates a Client Credential Grant-Client at ACM, the JWK is adopted.
Client Credential Grant-Client (with secret) at Geosecure => Digital Flanders creates a Client Credential Grant-Client at ACM, you will have to create a JWK yourself.
B2B Authorization Code Grant-Client at Geosecure => you switch to 1 or more Client Credential Grant-Client(s) at ACM (1:n relationship, one per customer for which you act as a service provider), each with a JWK. The clients will not be automatically created by Digital Flanders via the bulk migration.
More information about moving from Geosecure clients to ACM clients: https://confluence.voalm.vlaanderen.be/display/GAEP/Scenario%2527s%2Bvoor%2Boverschakeling%2Bvan%2Bde%2BAPI-clients
More information about managing Client Credential Grant clients in ACM: https://confluence.voalm.vlaanderen.be/display/GAEP/Module%2BOAuth%2BClient%2BCredentials%2BGrant%253A%2BAPI-Client%2Bbeheren
Authenticate on the GIPOD API with an ACM token
GIPOD uses ACM for the authentication and authorization of users. Digital Flanders offers a web application in which users can carry out the complete flow of GIPOD. Digital Flanders also provides services for integrating GIPOD into your own software systems.
Authentication on the GIPOD API is done with an ACM token:
To connect to the GIPOD API you need a signed JWT token. To do this, work with a Client credentials grant .
More information about server-server authentication can be found here and about creating a signed JWT token here .
Adjustments of the GIPOD API endpoint
The renewed GIPOD API endpoint ( gipod.api.vlaanderen.be ) will work with both Geosecure and ACM authentication, but the existing GIPOD API endpoint ( private-api.gipod.vlaanderen.be ) will only work with Geosecure authentication.
Both API endpoints are functionally identical, apart from the authentication, as both are a gateway to the same GIPOD services.
Guides
Questions about converting Geosecure clients to ACM clients: uitfaseringgeosecure@vlaanderen.be
Questions about managing ACM clients: integraties@vlaanderen.be
Questions about the GIPOD API: digital.vlaanderen@vlaanderen.be
Add Comment