Skip to main content

Application registration and authentication

tip

In short:

  1. You need to register a client on MyPage before you can access the API.
  2. Create an access token using client_credentials
  3. Send access token with requests a bearer token header.

Prerequisites, licencing and crediting

This link contains information about the data BarentsWatch gathers and provides access to via our APIs: https://www.barentswatch.no/om/apnedata/ (Norwegian)

Information about requirements for using the BarentsWatch API can be found here: www.barentswatch.no/om/api-vilkar (Norwegian).

If you have any questions or problems connecting (after reading the rest of this page), contact us at post@barentswatch.no

How to connect to the BarentsWatch API.

The BarentsWatch API supports Open ID Connect flows (client credentials, authorization code, and device code). You will need to register a client with us in order to access the APIs. The OpenID discovery document is here: https://id.barentswatch.no/.well-known/openid-configuration

Registering a Client

In order to access the BarentsWatch API you need an API Client. You can register your own API Client connected to your user. To to so you must first create a user and log in at https://www.barentswatch.no/minside/. Here you can self register clients for use with your application.

When registering a client you need to choose between API-client and AIS-client, depending on the API you want to access. This also affects the 'scope' you must use when obtaining an access token.

Self registered clients only supports Open ID Connect's client_credentials flow. If you need to use something other than credentials flow, you will have to contact BarentsWatch (post@barentswatch.no) to set up other types of clients.

Obtaining an Access Token

Once you have a client (either from self-registration on MyPage/Minside, or obtained from BarentsWatch) you can use the clients ClientID and ClientSecret to obtain an Access Token. The Access Token is used for granting access to endpoints providing data.

An application can obtain a token for use with the BarentsWatch API by posting a token request via HTTPS to https://id.barentswatch.no/connect/token:

  • Use HTTPS POST
  • URL must be id.barentswatch.no/connect/token
  • Header 'content-type' must be 'application/x-www-form-urlencoded'
  • Body must have four key-value pairs, separated by ampersand (&):
    • Key 'grant_type' must have value 'client_credentials'
    • Key 'client_id' must have your full client ID as value, which is often written like this: myusername@example.com:myclient. If your client does not url-encode automatically, you must url-encode it like this: myusername%40example.com%3Amyclient
    • Key 'client_secret' must have a client secret you have created, as value.
    • Key 'scope' must have value 'api' or 'ais' depending on the type of API you want access

Note that the client_id, client_secret, scope (and grant_type) need to be sent in the body – not as headers!

Example request, using curl:

    curl -X POST --header "Content-Type: application/x-www-form-urlencoded" -d "client_id=YOUR_CLIENT_ID&scope=api&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials" https://id.barentswatch.no/connect/token

Example success response:

{
  "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type":"bearer",
  "expires_in":3600
}

More information: https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/

Using your access token to access the API

This is an example request to the BarentsWatch API to get available forecast times for a particular fairway.

GET /bwapi/v1/geodata/waveforecast/available/?modelname=folda&fairwayid=1 HTTP/1.1
Host: www.barentswatch.no
User-Agent: My Application Name
Content-Type: application/x-www-form-urlencoded
Authorization: bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3

The same request using curl:

curl -X GET "https://www.barentswatch.no/bwapi/v1/geodata/waveforecast/available?modelname=folda&fairwayid=1" --header  "Authorization: Bearer MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3"

These external websites might be useful for developers: