Connect
  1. Overview
Connect
  • Connect/ConnectID API Reference
  • Overview
    • API lifecycle
    • OAuth 2.0
    • About the URLs
    • Google analytics
    • Unite payment SDK
    • Events
      • Authentication
      • Connect realtime events
      • ConnectID events
  • Customer Data
    • Address
      • Change addresses
      • List addresses
      • List addresses - client mode
      • List addresses for product - client mode
      • List addresses for product
    • Category
      • List category types
      • List category codes
      • List category codes for category type
    • Customer
      • List customer info
      • Change customer Info
      • Search customer - client mode
      • Check customer number - client mode
      • List customer info - client mode
    • External Reference
      • Remove external reference - client mode
      • Change external reference - client mode
      • List external references - client mode
      • Register external reference - client mode
  • Order Management
    • Article
      • Check article price
    • Coupon
      • Check coupon price - client mode
      • List coupon - client mode
      • List coupon for coupon number - client mode
    • Fulfillment
      • Complete order - client mode
    • Order
      • Order Guide
        • Introduction
        • How to register an order
        • Complete order by fulfillment URL
        • Complete order by fulfillment API
        • Q&A for order
      • List orders
      • Search order details
      • List order product history
      • List order status - client mode
      • Register customer - client mode
      • Register customer
      • Register order - client mode
      • Register order
    • Reward
      • Check reward - client mode
    • User
      • Assign user - client mode
    • Voucher Coupons
      • List voucher code coupons - client mode
  • Payment Services
    • Invoice
      • List invoice details
      • List invoices - client mode
      • List invoices for product - client mode
      • List invoices and reminders
      • List invoices and reminders for product
      • List basic invoice info
      • List basic invoice info for product
    • InvoiceAddress
      • List invoice address
    • Klarna
      • List klarna recurring tokens
      • Add Klarna token
      • Remove Klarna token
    • Nexi
      • List Nexi subscriptions
      • Add Nexi subscription
      • Remove Nexi subscription
    • PayEx
      • List PayEx tokens
      • Add PayEx token
      • Remove PayEx token
    • Payment
      • List payment methods
      • Pay invoice
      • Change payment method
    • Vipps
      • List vipps agreements
      • Add vipps agreement
      • Remove vipps agreement
  • Privacy
    • Consent
      • Access private data
      • Remove private data
      • List consent event history - client mode
      • List consent text - client mode
      • List consent text history - client mode
      • List consent groups - client mode
      • List consent given issuer - client mode
      • List consent event history
      • List consent given issuer
      • List consent groups
      • Register consent event - client mode
      • Register consent event
    • Permission/Shield
      • List global permissions
      • List enterprise permissions
      • Change enterprise permissions
      • List ordertype permissions
      • Change ordertype permissions
      • Check shield ordertype - client mode
      • Check shield enterprise - client mode
    • Privacy
      • List privacy enterprise
      • Change privacy enterprise
      • List privacy ordertype
      • Change privacy ordertype
  • Product & Services
    • Complaint
      • Register complaint
      • List complaints
    • Delivery
      • List next distributions
      • List next distributions - client mode
    • DeliveryStop
      • Remove delivery stops
      • Register delivery stops
      • List delivery stops
      • List delivery stop - client mode
    • Issue
      • List distributed issues
      • List product issues - client mode
    • Product
      • List products - client mode
      • Check product - client mode
      • List specific products - client mode
    • ProductDeliveryPlan
      • List productdeliveryplan - client mode
    • ProductDependency
      • Check product dependency discount - client mode
    • Sharing
      • Send subscription share invitation
      • Accept subscription share invitation
      • Decline share - client mode
      • List shareable subscription rules
      • List distribution levels
      • Change subscription share invitation details
      • List all shared subscribers
      • Cancel sharing
      • List shareable subscription nets
      • Change shareable subscription nets
      • Change distribution level
    • Subscription
      • List shared subscriptions
      • List subscriptions
      • Start subscription
      • List subscriptions - client mode
  • Recruitment
    • Recruitment
      • Register recruitment - client mode
      • List recruitments
      • List premium recruitments
      • Change premium recruitments
      • Register recruitments
    • RecruitmentCampaign
      • List recruitment campaign - client mode
  • User Data
    • Access
      • Check access
      • Check access - client mode
    • Credential
      • Check credential - client mode
    • Metadata
      • List metadata
      • Change metadata
      • Remove metadata
      • List metadata - client mode
      • Change metadata - client mode
      • Remove metadata - client mode
    • Profile
      • List user profile
      • List external user profiles
  • Diverse
    • External Identity
      • Register external Id - client mode
      • Register customer - client mode
    • Message
      • List messages
      • Send message
      • Send message - client mode
    • Status
      • List status messages
    • Stock
      • Change stocks - client mode
      • List stocks - client mode
      • List stocks for product - client mode
  1. Overview

OAuth 2.0

Introduction#

OAuth is an open standard to authorization. OAuth provides client applications a ‘secure delegated access’ to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
A technical specification of OAuth 2.0 is described in the standard RFC 6749. A non-technical simple specification is given in this guide and Wikipedia.

Authorization endpoint#

This endpoint ensures that the user is logged in and has authorized access to the desired resource. It returns an authorization code as per the OAuth specification. If the user is not already logged in, she will be presented with the same GUI as the loginUrl.

Authorization grant types#

We are supporting two types of Authorization grant types:
Authorization code
Client credentials (used for client API).

Authorization code#

The authorization token is provided by the authorization endpoint and is used with the token endpoint to get an access token.

Token endpoint#

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly). See the OAuth specification.

Access token#

The access token is provided by the token endpoint and is required in order to access the ConnectID APIs.
Access token lifetime is 12 hours by default but may be overridden in the client configuration if necessary.

Refresh token#

Refresh token is a token that the Oauth client can use to get a new access token without the user's interaction.
Refresh token lifetime is 30 days by default.

Extension grant types#

The OAuth2 specification allows for extension grant types to be created (see section 4.5 in RFC 6749). Unite has created a proprietary grant type to enable the token endpoint to issue tokens using the state code given by the External Identity. In order to use the custom grant type the client must POST to the token endpoint using the following parameters (for External Identity API):
ParameterValue
grant_typehttps://connectid.no/oauth2/grant_type/extid_code
codeSet the value from the field extidCode in External Identity
extidCode is an JWT token that contains user information required to process OAuth alternate login flow. This JWT token has a default lifetime for 20 minutes.
The request should be sent as application/x-www-form-urlencoded and authenticated using Basic Authentication. The response is a standard OAuth2 response according to the specifications in RFC 6749.

URLs for OAuth 2.0#

Below you find the URLs that you need to use OAuth 2.0 and these are based on the Norwegian domain .no.

Production#

Swedish domain
If you wish to use the Swedish domain, please use .se instead of .no in production environment.
Authorization URL: https://connectid.no/user/oauth/authorize
Token URL: https://connectid.no/user/oauth/token
Refresh URL: https://connectid.no/user/oauth/token

Test#

Authorization URL: https://api-test.mediaconnect.no/login/oauth/authorize
Token URL: https://api-test.mediaconnect.no/login/oauth/token
Refresh URL: https://api-test.mediaconnect.no/login/oauth/token
Previous
API lifecycle
Next
About the URLs
Built with