Authorization

API requests require authorization. You can authorize via OAuth 2.0 client credentials flow.

Note

• If you write your own application/integration, you need to request an API user from your Grassfish contact person.

• We recommend having one specific user per application/integration who has the necessary rights and permissions to use the API.

What is OAuth 2.0?

OAuth 2.0 is an open authorization standard that allows users to grant third-party applications limited access to their resources on another service without sharing their passwords.

Client credentials flow

We support the OAuth 2.0 client credentials flow, which allows applications to obtain an access token by submitting their own client ID and secret to an authorization server, without requiring user interaction or consent.

Scope

The scope needs to be aquaconnect when requesting the token.

Example login

Here’s an example of logging in and receiving the bearer token.

To use it, replace <TokenUrl>, <ClientId>, and <ClientSecret> with the values provided to you after requesting a user.

POST <TokenUrl>
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<ClientId>
&client_secret=<ClientSecret>
&scope=aquaconnect