How to Authenticate

Authentication

In order to authenticate, you will need your apikey.

Step 1: Obtain an oAuth token via POST.

https://api.nwea.org/auth/v1/token 

 

Header name Sample Value Description
Authorization eE5NNzBEUkluYXNYbHM4bGM4dldWaUhFNmJDWXlBQXc6bm1CNFRGcXJZNEc2RlB2WA== Basic auth header of apikey:apisecret base64 encoded. You can find these values in your App as Consumer Key and Consumer Secret.
apikey xNM70DRInasXls8lc8vWViHE6bCYyAAw The apikey for your App, found as the Consumer Key.
grant_type  'client_credentials' Required default header, "client_credentials".

 

Example cURL command and response:

curl --request POST \

  --url https://api.nwea.org/auth/v1/token \

  --header 'apikey: xNM70DRInasXls8lc8vWViHE6bCYyAAw' \

  --header 'authorization: beE5NNzBEUkluYXNYbHM4bGM4dldWaUhFNmJDWXlBQXc6bm1CNFRGcXJZNEc2RlB2WA== ' \

  --header 'grant_type: client_credentials '
HTTP/1.1 200 OK
Connection:
keep-alive
Content-Length:
587
Content-Type:
application/json
Date:
Thu, 13 Jul 2017 18:13:38 GMT
Server:
Apigee Router
{
  "refresh_token_expires_in": "0",
  "api_product_list": "[fake-product]",
  "api_product_list_json": [
    "fake-product"
  ],
  "organization_name": "nwea-prd",
  "developer.email": "example@eg.org",
  "token_type": "BearerToken",
  "issued_at": "1499969618451",
  "client_id": "fakeApiKey",
  "access_token": "CtAmOTflfA9t9aEnR2jFwv2nj8Pu",
  "application_name": "adfas-dad-asdfa-adad-adada",
  "scope": "",
  "expires_in": "3599",
  "refresh_count": "0",
  "status": "approved"
}

 

Step 2: Use the access_token from the response in the header parameters of each endpoint call as Bearer token.

Example cURL command:

curl -X GET --header "Content-Type: application/json" --header "apikey: xNM70DRInasXls8lc8vWViHE6bCYyAAw" --header "Authorization: Bearer CtAmOTflfA9t9aEnR2jFwv2nj8Pu" "https://api.nwea.org/organizations/v1/schools"

Up next: Understanding Organization Hierarchies