Authenticating Your App
Overview
DataShare API uses API Keys and a 30-minute Access Token (JSON Web Tokens - JWTs) for authentication.
At the start of a session, a valid access token will need to be obtained using an API Key. The token and API key must then be sent in the header during the rest of the session.
Your API key is available through DataShare Admin. You will be given a primary and a secondary key and either can be used.
POST /v1/oauth/token
| Parameter | Description | Location |
|---|---|---|
content-Type string |
The content type expected. Value:application/x-www-form-urlencoded | Header |
Ocp-Apim-Subscription-Key string |
API Key fetched from DataShare Admin``` string |
Header |
key string |
API Key fetched from DataShare Admin | Body |
grant_type string |
Value: vapi_key. vapi_key is the string value, and does not represent a variable | Body |
curl -X POST \
-H 'Ocp-Apim-Subscription-Key: {Ocp-Apim-Subscription-Key}' \
-F 'grant_type=vapi_key' -F ‘key={key}' \
https://api.{environment}.validis.com/v1/oauth/token
Response
| Field | Description |
|---|---|
access_token string |
JSON Web Token (JWT) |
token_type string |
The JWT grant type |
expires_in integer |
Time in seconds until the access token expires |
resellerId UUID |
the unique identifier of your reseller within the DataShare system. |
clientId UUID |
The unique identifier of your organisation within the DataShare system. |
permissions Comma-separated list |
An obfuscated list of permissions granted by the token. All granted permissions are already included in the JWT but this may be useful when investigating permission issues. |
userId integer |
The unique identifier of the user |
vconnectClientId string |
The unique identifier of your DataShare system, as provided by the Authentication endpoint |
jti string |
JSON Web Token Id |