Authorization
=============

.. toctree::
    :hidden:

The open+ API uses Bearer token authorization using the Oauth2 ``client_credentials`` flow.

This means that you have to include the Oauth2 Access Token in the Authorization http header like follows:

.. code-block:: http

   GET <url> HTTP/1.1
   Authorization: Bearer <access_token>

To request a new token, then you need access to the API module tab in the open+ Access Administration under your customer in Configuration.

There you can find your customer Oauth2 ``client id`` and ``client secret``. 

You then need to make the following request to the open+ Identity Server:

.. code-block:: http

    POST https://identity.opnbibliotheca.com/connect/token HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: <length>
    Host: <host>

    client_id=<your client id>&
    client_secret=<your secret>&
    grant_type=client_credentials&
    scope=OpenPlusAPI

Which will either respond with an error:

.. code-block:: json

    {
        "error": "error_message"
    }

or a success message with the access token:

.. code-block:: json

    {
        "access_token": "access_token",
        "expires_in": 3600,
        "token_type": "Bearer",
        "scope": "OpenPlusAPI"
    }