Skip to main content

OAuth 2.0

The Data Protection Services GraphQL API uses OAuth 2.0/OpenID Connect both internally and for external applications to make API calls on behalf of your organization.

Request an access token (Service-to-service)

To obtain an access token you will first need to register a client application, then use the generated client ID and client secret to get an access token.

Example

$ CLIENT_ID=c3b7c6cf-9bd2-4053-be11-5fe94d6d4566
$ CLIENT_SECRET=password
$ SCOPE=org:0e7ecd50-650a-425d-a6e7-462eb1b3f1f2
$ curl https://sso.nsd.no/oauth/token \
-u $CLIENT_ID:$CLIENT_SECRET \
-d "grant_type=client_credentials&scope=$SCOPE"

{
"scope": "org:0e7ecd50-650a-425d-a6e7-462eb1b3f1f2",
"access_token": "eyJraWQiOiJjQTdxRz...",
"expires_in": 3600,
"token_type": "Bearer"
}

You can now make API calls by passing the access token in the Authorization header:

$ TOKEN=...
$ QUERY='query{organization(id: \"af6fdcec-fcd6-4af2-8d61-03838b992344\"){name}}'
$ curl -H 'Content-Type: application/json' \
-H "Authorization: Bearer $TOKEN" \
-X POST \
-d "{\"query\": \"$QUERY\"}" \
https://api.nsd.no/graphql

{
"data": {
"organization": {
"name": "NSD – Norsk senter for forskningsdata AS"
}
}
}

Note: The current token endpoint, supported protocols and other metadata is available at https://sso.nsd.no/.well-known/openid-configuration

Further reading: