BankID on mobile

API Reference

oauth

POST /oauth/v2/token Create access token

Implementation notes

This token must be used to authorize all further API requests to the server, and is valid for a period of time.

  • Authorization Code Grant
    The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients. As a redirection-based flow, the client must be capable of interacting with the resource owner's user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.

    Example invocation:
    curl -v -X POST https://api.telenor.no/oauth/v2/token -u client_id:client_secret --data "code=5D7vaNS4" --data "grant_type=authorization_code"

    Example response (200 OK), expires_in given in seconds:
    {"access_token" : "4P....uY", "expires_in" : 3599}

  • Resource Owner Password Credentials Grant
    This grant is suitable in cases where the resource owner has a trust relationship with the client, such as the device operating system or a highly privileged application. The authorization server should take special care when enabling this grant type, and only allow it when other flows are not viable. The grant type is suitable for clients capable of obtaining the resource owner's credentials (username and password, typically using an interactive form). It is also used to migrate existing clients using direct authentication schemes such as HTTP Basic or Digest authentication to OAuth by converting the stored credentials to an access token. The resource owner's credentials will be supplied by Telenor to the appropriate clients.

    Example invocation:
    curl -v -X POST https://api.telenor.no/oauth/v2/token -u client_id:client_secret --data "grant_type=password" --data "username=API1000XYZ" --data "password=secret"

    Example response (200 OK), expires_in given in seconds:
    {"access_token" : "4P....uY", "expires_in" : 3599}

  • Client Credentials Grant
    This OAuth flow is suitable for machine-to-machine communication, where the requesting client is a highly privileged application. Clients are typically not allowed to use this grant type from the Internet.

    Example invocation:
    curl -v -X POST https://api.telenor.no/oauth/v2/token -u client_id:client_secret --data "grant_type=client_credentials"

    Example response (200 OK), expires_in given in seconds:
    {"access_token" : "4P....uY", "expires_in" : 3599}

NOTE:
The Authorization header is built from your client_id (Consumer Key) as the Basic authentication username and your client_secret (Consumer Secret) as the Basic authentication password. Basic authentication requires you to Base64-encode the combination username:password (note the colon separating the username and password); the header then has the form "Authorization: Basic ZXhhbXBsZWNsaWVudGlkOmV4YW1wbGVzZWNyZXQ=".
When using curl you can pass '-u username:password' and curl will do the Base64 encoding and add this header for you.
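The following is an added example (not Telenor's client code) that builds the request for each of the three grant types above: it derives the Basic Authorization header from client_id:client_secret exactly as the note describes, checks that the grant-specific form parameters are present before sending anything, and assembles the POST. The endpoint URL and the form parameter names come from this reference; the client_id, client_secret and code values are constructed.

```python
"""Build a request to POST /oauth/v2/token for each grant type in the reference.

Added example, not Telenor's client code. The endpoint URL and the form
parameter names (grant_type, code, scope, username, password) are taken from
the reference; the credential and code values below are constructed.
"""
import base64
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.telenor.no/oauth/v2/token"

# Form parameters that must be present for each grant_type value.
REQUIRED_PARAMS = {
    "authorization_code": ("code",),
    "password": ("username", "password"),
    "client_credentials": (),
}


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return the Authorization header value: 'Basic ' + Base64(client_id:client_secret)."""
    if ":" in client_id:
        # The colon is the Basic-auth separator, so a client_id containing one
        # would be split at the wrong place by the server.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request_body(grant_type: str, **params: str) -> str:
    """Validate the grant-specific parameters and return the URL-encoded form body."""
    if grant_type not in REQUIRED_PARAMS:
        raise ValueError(f"unsupported grant_type {grant_type!r}")
    missing = [name for name in REQUIRED_PARAMS[grant_type] if not params.get(name)]
    if missing:
        raise ValueError(f"grant_type={grant_type} requires: {', '.join(missing)}")
    fields = {"grant_type": grant_type}
    for name in ("code", "scope", "username", "password"):
        if params.get(name):
            fields[name] = params[name]
    return urllib.parse.urlencode(fields)


def build_request(client_id: str, client_secret: str, grant_type: str,
                  **params: str) -> urllib.request.Request:
    """Assemble the POST with Basic auth and a form-encoded body."""
    body = token_request_body(grant_type, **params).encode("ascii")
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def fetch_token(req: urllib.request.Request, opener=urllib.request.urlopen) -> dict:
    """Send the request and return the parsed JSON body (access_token, expires_in, ...)."""
    with opener(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed credentials and code; the real values are issued by Telenor.
    req = build_request("exampleclientid", "examplesecret",
                        "authorization_code", code="5D7vaNS4")
    print(req.get_header("Authorization"))
    print(req.data.decode("ascii"))
    # fetch_token(req) would perform the live call.
```

`basic_auth_header("exampleclientid", "examplesecret")` reproduces the header value shown in the note, which is a quick way to confirm that an Authorization header built elsewhere has the colon and encoding right before debugging a 401 (error code 6 or 22).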

Parameters

  • Authorization* (header, string)
    Basic authorization using the Consumer Key (client_id) as username and the Consumer Secret (client_secret) as password. Base64-encode username:password, giving "Authorization: Basic QW....==".
    Example: Authorization: Basic Q2xpZW50SWQ6U2VjcmV0
  • grant_type* (formData, string)
    Grant type of the token request. Possible values: authorization_code, password, client_credentials
  • code* (formData, string)
    Value of the authorization code returned by the authorization call.
  • scope (formData, string)
    The scope of the access request. Use the values returned in the callback URL after the /authorize call, or the values handed out together with the client id.
  • username (formData, string)
    Resource owner's username. Required only for grant_type=password.
  • password (formData, string)
    Resource owner's password. Required only for grant_type=password.

Response class (Status 200)

access_token (string)
The token representing an authorization issued to the client and the logged-in user.
expires_in (integer)
The lifetime in SECONDS of the access token. E.g. a value of 3600 indicates that the access_token will expire 1 hour after the time it was issued.
token_type (string)
If returned, it explicitly states the type of token issued. It is 'Bearer' by default.
refresh_token (string)
If returned, the refresh token can be used to obtain new access tokens using the authorization grant 'refresh_token'. The refresh token itself is also renewed.

Example response:
{
  "access_token": "Iu25QXBwbGbljYXRpzQHRIuYlbGVub329XXQ3tOnMY3BRo0QyVFJUiN",
  "expires_in": "3600",
  "token_type": "Bearer",
  "refresh_token": "9XXQ3tOnMY3BRo0QyVFJUiNIu25QXBwbGbRIuYlbGVub32ljYXRpzQH"
}
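As an added example (not Telenor's code) of consuming the response above: it converts expires_in into an absolute expiry, decides when the token should be renewed ahead of expiry, and prepares the body for the 'refresh_token' grant mentioned under refresh_token. The field names and the sample values come from this reference; the form parameter name refresh_token for the refresh grant (the RFC 6749 convention) and the 60-second margin are assumptions.

```python
"""Track the lifetime of a token returned by POST /oauth/v2/token.

Added example, not Telenor's code. The response fields (access_token,
expires_in, token_type, refresh_token) and the sample values are taken from
the reference; the 'refresh_token' form parameter name and the 60-second
refresh margin are assumptions.
"""
import time
import urllib.parse
from dataclasses import dataclass
from typing import Optional


@dataclass
class Token:
    access_token: str
    token_type: str
    expires_at: float            # absolute time (epoch seconds)
    refresh_token: Optional[str]


def parse_token_response(body: dict, now: Optional[float] = None) -> Token:
    """Turn the JSON response into a Token with an absolute expiry.

    expires_in is documented as an integer number of seconds, but the sample
    response carries it as the quoted string "3600", so both forms are accepted.
    """
    if now is None:
        now = time.time()
    if "access_token" not in body:
        raise ValueError("response has no access_token")
    expires_in = int(body["expires_in"])
    if expires_in <= 0:
        raise ValueError(f"unusable expires_in: {body['expires_in']!r}")
    return Token(
        access_token=body["access_token"],
        token_type=body.get("token_type", "Bearer"),  # 'Bearer' is the documented default
        expires_at=now + expires_in,
        refresh_token=body.get("refresh_token"),
    )


def needs_refresh(token: Token, now: Optional[float] = None, margin: float = 60.0) -> bool:
    """True when the token expires within `margin` seconds; renew before it is rejected."""
    if now is None:
        now = time.time()
    return now + margin >= token.expires_at


def bearer_header(token: Token) -> dict:
    """Header used to authorize further API requests with the issued token."""
    return {"Authorization": f"{token.token_type} {token.access_token}"}


def refresh_request_body(token: Token) -> str:
    """Form body for the 'refresh_token' grant (parameter name is an assumption).

    If the server answers 401 / error code 7 (Invalid refresh_token), the
    caller has to repeat the original grant; nothing here can recover that.
    """
    if not token.refresh_token:
        raise ValueError("no refresh_token was issued; repeat the original grant instead")
    return urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": token.refresh_token}
    )


# Copied from the sample response in the reference, used as offline input.
SAMPLE_RESPONSE = {
    "access_token": "Iu25QXBwbGbljYXRpzQHRIuYlbGVub329XXQ3tOnMY3BRo0QyVFJUiN",
    "expires_in": "3600",
    "token_type": "Bearer",
    "refresh_token": "9XXQ3tOnMY3BRo0QyVFJUiNIu25QXBwbGbRIuYlbGVub32ljYXRpzQH",
}

if __name__ == "__main__":
    issued = time.time()
    tok = parse_token_response(SAMPLE_RESPONSE, now=issued)
    print(bearer_header(tok))
    print("refresh now?", needs_refresh(tok, now=issued))
    print("refresh at T+3550s?", needs_refresh(tok, now=issued + 3550))
```

Storing the expiry as an absolute timestamp taken when the response arrives, rather than the raw expires_in, is what makes the margin check meaningful: a client that re-reads expires_in later will believe the token is fresher than it is.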

Error responses

400
  Error code 2 - Missing or invalid grant_type
  Error code 3 - Missing code form parameter
401
  Error code 1 - Invalid client id
  Error code 20 - Invalid resource owner credentials
  Error code 21 - Insufficient permissions to use the requested grant_type
  Error code 22 - Basic Authentication failed, bad username or password
  Error code 23 - User credentials do not match the granted client credentials
  Error code 4 - Invalid authorization code
  Error code 5 - Not authorized to create access token
  Error code 6 - Missing or bad Authorization header
  Error code 7 - Invalid refresh_token
  Error code 9 - Invalid client data
403
  Error code 12 - Invalid RedirectURI
  Error code 15 - Illegal Response Type
  Error code 8 - Illegal or non-authorized scope
500
  Error code 16 - Invalid App Attributes. Please contact Telenor Admin
  Error code 2 - Internal Server Error