Authentication

To ensure secure access to the Partner Services API, all requests must be authenticated. This guide provides instructions on how to authenticate your requests.

We use the standardized OAuth 2.0 client credentials flow to authenticate client applications.

Register Your Application

  • Contact Knowit to get a client_id and client_secret.

Request an Access Token

  • Make a POST request to the token endpoint:

    POST https://<keycloak-domain>/auth/realms/<realm-name>/protocol/openid-connect/token

    Include the following parameters:

    • grant_type=client_credentials

    • client_id=YOUR_CLIENT_ID

    • client_secret=YOUR_CLIENT_SECRET

Example: Retrieving Access Token

Here’s an example using curl:

curl -X POST https://<keycloak-domain>/auth/realms/<realm-name>/protocol/openid-connect/token \
     -d 'grant_type=client_credentials' \
     -d 'client_id=YOUR_CLIENT_ID' \
     -d 'client_secret=YOUR_CLIENT_SECRET'

Making Authenticated Requests

Include the access token in the Authorization header for API requests:

Authorization: Bearer YOUR_ACCESS_TOKEN

Example: Making an Authenticated Request

Here’s an example of a GET request to retrieve an application by its ID using .NET:

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

namespace PartnerServicesApiExample
{
    class Program
    {
        private static readonly HttpClient client = new HttpClient();

        static async Task Main(string[] args)
        {
            var accessToken = "YOUR_ACCESS_TOKEN"; // Replace with your actual access token
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            var applicationId = 123; // Example application ID
            var response = await client.GetAsync($"https://api.partner-services.com/application/{applicationId}");

            if (response.IsSuccessStatusCode)
            {
                var responseData = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseData);
            }
            else
            {
                Console.WriteLine($"Error: {response.StatusCode}");
                var errorData = await response.Content.ReadAsStringAsync();
                Console.WriteLine(errorData);
            }
        }
    }
}

Error Handling

Handle errors by checking response status codes and printing error details if the request fails.

Best Practices for OAuth 2.0 Security

  1. Keep Credentials Secure: Store client secrets securely and never expose them in client-side code.

  2. Use Environment Variables: Store credentials in environment variables or secure vaults.

  3. Regularly Rotate Secrets: Periodically regenerate client secrets to reduce the risk of compromise.

  4. Monitor Usage: Track API usage to detect unusual activity.
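The token request and the credential-storage guidance above, combined in one added example (not part of the original Partner Services documentation). The `TokenProvider` class and the environment variable names `PARTNER_TOKEN_URL`, `PARTNER_CLIENT_ID` and `PARTNER_CLIENT_SECRET` are assumptions; `access_token` and `expires_in` are the standard OAuth 2.0 token response fields.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

namespace PartnerServicesApiExample
{
    // Added example: fetches a client-credentials token and caches it until expiry.
    // Environment variable names are assumptions, not defined by the API.
    class TokenProvider
    {
        private static readonly HttpClient client = new HttpClient();
        private string _token;
        private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

        private static string Env(string name) =>
            Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"Missing environment variable {name}");

        public async Task<string> GetTokenAsync()
        {
            // Reuse the cached token until 30 seconds before it expires.
            if (_token != null && DateTimeOffset.UtcNow < _expiresAt.AddSeconds(-30))
                return _token;

            // Refuse to send the client secret over anything but HTTPS.
            var tokenUrl = new Uri(Env("PARTNER_TOKEN_URL"));
            if (tokenUrl.Scheme != Uri.UriSchemeHttps)
                throw new InvalidOperationException("Token endpoint must use HTTPS");
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = Env("PARTNER_CLIENT_ID"),
                ["client_secret"] = Env("PARTNER_CLIENT_SECRET"),
            });

            using var response = await client.PostAsync(tokenUrl, form);
            if (!response.IsSuccessStatusCode)
                // Report only the status code; never log the request body or the secret.
                throw new HttpRequestException($"Token request failed: {(int)response.StatusCode}");

            using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            _token = json.RootElement.GetProperty("access_token").GetString();
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(
                json.RootElement.GetProperty("expires_in").GetInt32());
            return _token;
        }
    }
}
```

Pass the returned value to `AuthenticationHeaderValue("Bearer", ...)` per request rather than hard-coding a token; the cache is not synchronized, so guard `GetTokenAsync` with a lock or `SemaphoreSlim` if several threads share one instance.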

By following these guidelines, you can securely and efficiently access the Partner Services API using Keycloak's OAuth 2.0 client credentials flow.
