Skip to main content

Legacy API

caution

The API running on https://www.barentswatch.no/api/ is now deprecated. The exact date of removal will be announced in advance.

Authentication (now deprecated)

For resources that do not require user authentication, application authentication is required: More about application authentication.

Authentication protocol is OAuth 2.0.

Resource Owner Password Credentials flow

The user must supply a username and a password to an external client that will authenticate with the server. The server then returns a token that must be used in successive calls to the API.

Token generation:

  • Use an URL-encoded HTTP POST
  • Url must be '../api/token', ex: www.barentswatch.no/api/token
  • Header-parameter 'content-type' must be 'application/x-www-form-urlencoded'
  • Parameter 'grant_type' must be 'password'
  • Parameter 'username' (portal user) must be provided
  • Parameter 'password' must be provided
  • The response looks something like this: 
    {
        "access_token": "<long_token_string_here>",
        "token_type": "bearer",
        "expires_in": 43199
    }
  • You will receive a token ('access_token') when valid credentials has been supplied
  • The token is valid for 12 hours ( 'expires_in' in the response is remaining seconds)
    • Just request a new token when the old one expires

Client Credentials flow

The client must supply an id and a secret to authenticate with the server. The server then returns a token that must be used in successive calls to the API. Token generation:

  • Use an URL-encoded HTTPS POST
  • URL must be '../api/token', ex: www.barentswatch.no/api/token
  • Header-parameter 'content-type' must be 'application/x-www-form-urlencoded'
  • Parameter 'grant_type' must be 'client_credentials'
  • Parameter 'client_id' (api user) must be provided
  • Parameter 'client_secret' must be provided
  • The response looks something like this: 
    {
        "access_token": "<long_token_string_here>",
        "token_type": "bearer",
        "expires_in": 604800
    }
  • You will receive a token ('access_token') when valid credentials has been supplied
  • The token is valid for 7 days ( 'expires_in' in the response is remaining seconds). This time interval is subject to change. |* Just request a new token when the old one expires

How to make call the API:

  • The header-parameter 'Authorization' must be set to 'Bearer [token]' using the token returned by the authentication process.
    Example
        Authorization: Bearer 9f_TDcb_wUisotaVyLlsqmFq1-...-L1E1M9dWNp1QmF6puNYzxlX00UFBMsFOGLlG3pWNNx
  • Call the method using HTTPS and add other parameters as usual