Authentication requires a username and password which will be a company system user obtained from Min Bedrift that provides data access authorization. This grant type is used where the API client (company) has an established trust relationship with the API owner (Telenor Norway). The username and password, used together with the client ID and client secret, can be used to obtain an access token.

The token can be reused for all subsequent requests to the API, until it expires. The expiry time is set in the response and may vary.

The flow for this grant type is very simple and does not include any browsers in the flow.

  1. Your application posts a username and password to the /oauth/v2/token endpoint, using the clientId and client secret as basic authentication,

  2. The OAuth service replies with the access token and the expiry time.

  3. Your application can now use the token until it expires. It must be set in the Authorization header as Bearer {access_token}

The table below the different credentials. Which to use and which not to use. Take some time to get familiar with the different parameters.

Credentials cheat sheet


What it's used for

Where to find it

Example values


Client_id_parameter is an OAuth parameter that identifies your client. Think of it as an application id.

Under your apps in your dashboard (log in with Telenor ID)




This is the secret for the client_id, which is an OAuth parameter that identifies your client. Think of it as an application password.

Under your apps in your dashboard (log in with Telenor ID)



In this OAuth flow, to get an access token you have to provide a username and password. This can be a bit confusing, but this username is a machine user that accesses company data. It is not related to the user you log into the developer portal or Min Bedrift. It is a non-personal user that your company's Administrator has to provide you.

Can be found in Min Bedrift under APIs if you have admin rights



The password for the username to provide data access authorization

The password can be generated and sent to a mobile from Min Bedrift if you have admin rights. If not you must ask your administrator to send it to your number.



Min Bedrift username and password

This user is not involved in the actual usage of the APIs. This is your single sign on user to the Min Bedrift Portal if your company has a Min Bedrift Agreement. You may have different roles within the company. If you are an API administrator, this is the user you should log in with to add developers.

username: myemailusername Password: AbcDefG123

Telenor ID
Username and password

These credentials are used by a developer to get access to the developer portal. This is a personal user and can also be used for other Telenor services, like Mitt Telenor and Min Sky

If you need to register a new user, or if you have forgotten your password, you log in as a developer and get to choose if you want to log in or create new user. If you need access to the apps of your company, the administrator of that company must send an invite to your Telenor ID in order to grant access to the apps

Username: e-mail-address or mobile number

(Telenor ID uses two-factor authentication)

In short:

NB: The refresh_token and token_type are optional return values and can be ignored for this API.