Context and background
Target audience
Analysts and developers of integrators who want to call the secured GIPOD API and need to know how to authorize.
Goals
-
Help you decide the most suitable method to connect to the GIPOD REST APIs
-
Provide a step-by-step explanation of how to get authorization to use the secured GIPOD REST APIs with your chosen method.
Terminology
|
Term |
Definition |
|---|---|
|
Resource Owner |
The entity that can grant access to a protected resource. Typically, this is the end-user. |
|
Client |
An application requesting access to a protected resource on behalf of the Resource Owner. |
|
Resource Server |
The server hosting the protected resources. These are typically the secured Digitaal Vlaanderen REST APIs. |
|
Authorization Server |
The server that authenticates the Resource Owner and issues Access Tokens after getting proper authorization. In this case this is the Digitaal Vlaanderen Authorization Server (authenticatie.vlaanderen.be) |
|
Access Token |
A credential that can be used by an application to access an API. |
|
Refresh Token |
A long-lived token that is used to obtain a new Access Token after a previous one has expired. |
|
JSON Web Key |
A JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This will be used to establish asynchronous authentication. |
How to obtain your oauth Client from Digitaal Vlaanderen?
You can obtain access to the GIPOD API trough the self-service portal "Beheerportaal". There are two environments:
-
Beheerportaal T&I, connected to the GIPOD beta environment
-
Beheerportaal, connected to the GIPOD production environment