Authentication

To use OIS endpoints, a bearer token must be retrieved and used.

Retrieving a token

The endpoints to retrieve tokens are as follows:

• Development: https://ois-dev-apim.azure-api.net/authentication/api/v1/Token POST

• Production: https://ois.divide.nl/authentication/api/v1/Token POST

The following credentials will be provided:

• "client_id":"{client_id}",

• "client_secret":"{client_secret}",

• "audience":"{audience}",

• "grant_type":"client_credentials"

Note that the OIS Development and Production environments have different audiences, even if the client credentials are identical. Use the provided credentials in the body of the Token POST endpoint to retrieve a token.

OIS bearer tokens are valid for up to 24 hours, ensure that automated systems refresh the token as necessary.

Using a token

The OIS Development and Production environments have different BaseURLs. Note that a development token can only be used with the development BaseUrl and a production token can only be used with the production BaseUrl.

The BaseUrls are as follows:

• Development: https://ois-dev-apim.azure-api.net/

• Production: https://ois.divide.nl/

Scopes are configured in OIS and defined in the token. The following authentication related error responses can be returned by OIS:

• If an endpoint responds with '401 unauthorized', it means the token is not valid for the environment or the token has expired.

• If an endpoint responds with '403 forbidden', it means the endpoint is not in scope for the token.