SSO Exchange Token

Authentication

Applications that want to authenticate to the CE-API using introspection should first log in to their IDP. The CE-API endpoint "Exchange external's provider token with a NET2GRID token through introspection" should then be called for the end user to be authenticated:

POST /v2/sso/exchange-token
Authorization: API-key

📘

The API key used to execute the call will be provided to the customer once the dedicated instance of the NET2GRID Insight Platform has been set up and/or when a new labelpartner is added to the platform.

The request body contains the token of their IDP that should be used for introspection, in the external_provider_access_token field.

A successful call returns a response similar to:

{
    "accessToken": "<ACCESS_TOKEN>",
    "refreshToken": "<REFRESH_TOKEN>",
    "idToken": "<ID_TOKEN>",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "scope": []
}

Refresh Token

After an access token and a refresh token for the NET2GRID CE-API have been retrieved, it is recommended to obtain subsequent access tokens with POST /token using the refresh_token grant. This improves application performance by reducing calls to the IDP.

curl --location --request POST '<CE_API_BASE_URL>/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'refresh_token=<REFRESH_TOKEN>' \
--data-urlencode 'grant_type=refresh_token'

🚧

Once the refresh token has also expired, the access token needs to be retrieved again from the POST /v2/sso/exchange-token endpoint.
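The token lifecycle described above (exchange once, refresh afterwards, fall back to the exchange when the refresh token is no longer accepted) as an added example; it is not NET2GRID code. `TokenManager`, `http_post` and `get_idp_token` are hypothetical names. Assumptions: the exchange body is JSON, the `Authorization` header carries the bare API key, a refresh response uses the same field names as the exchange response, and any non-200 refresh reply means the refresh token has expired.

```python
import json, time, urllib.error, urllib.parse, urllib.request

def http_post(url, headers, body):  # default transport: returns (status, parsed JSON)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

class TokenManager:
    def __init__(self, base_url, api_key, client_id, client_secret,
                 get_idp_token, post=http_post, skew=60, clock=time.time):
        self.base, self.api_key = base_url.rstrip("/"), api_key
        self.client_id, self.client_secret = client_id, client_secret
        self.get_idp_token, self.post = get_idp_token, post
        self.skew, self.clock = skew, clock
        # Tokens are held in memory only; nothing is written to disk or logged.
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _store(self, tok):
        self.access = tok["accessToken"]
        # Assumption: a refresh response may omit refreshToken; keep the old one.
        self.refresh = tok.get("refreshToken", self.refresh)
        self.expires_at = self.clock() + tok["expiresIn"]

    def _exchange(self):
        body = json.dumps({"external_provider_access_token": self.get_idp_token()})
        status, tok = self.post(self.base + "/v2/sso/exchange-token",
            {"Authorization": self.api_key, "Content-Type": "application/json"},
            body.encode())
        if status != 200:
            raise RuntimeError(f"exchange-token failed with HTTP {status}")
        self._store(tok)

    def _refresh(self):
        form = urllib.parse.urlencode({"client_id": self.client_id,
            "client_secret": self.client_secret, "refresh_token": self.refresh,
            "grant_type": "refresh_token"})
        status, tok = self.post(self.base + "/v2/token",
            {"Content-Type": "application/x-www-form-urlencoded"}, form.encode())
        if status == 200:
            self._store(tok)
        return status == 200

    def access_token(self):
        if self.access and self.clock() < self.expires_at - self.skew:
            return self.access      # still valid: no network call at all
        if not (self.refresh and self._refresh()):
            self._exchange()        # refresh rejected or absent: back to the IDP token
        return self.access
```

The `skew` margin renews the access token shortly before `expiresIn` elapses, so a request is never sent with a token that expires in flight.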