Resources available in the Trans.eu API are secured, which means that each request must be authorized and include an access_token in the request header.
To obtain an authorization token, the end user must grant the application permission to use their data.
To make this process as easy as possible, the Trans.eu API supports the OAuth 2.0 protocol.
Each API authorization request must consist of:
- Active user account credentials (TransId and password)
- Valid client credentials (client_id and client_secret)
- Registered redirect_uri
- Api_key in request header
To obtain client credentials and an Api_key, please fill out the application registration form available here.
A user account can be created using the company registration form.
Example of authorization flow
Description of a sample authorization flow with required and received data:
- Redirection to the authorization server, where the user posts credentials directly to the authentication form.
  - Required parameters: response_type, client_id, redirect_uri
  - Response: code
- Return to the address given as redirect_uri, with an additional code parameter.
- The code has to be sent back to the authorization server from the same location as redirect_uri and using the same client_id.
  - Required parameters: code, client_id, client_secret
  - Response: access_token, refresh_token
- Retrieving access_token and refresh_token.
- The request header contains a valid access_token.
- After the access_token expires, a new pair of tokens can be retrieved without user involvement using the refresh_token, which is valid for 30 days.
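The steps above, written out as an added Python example (not code from Trans.eu): it builds the authorization redirect, accepts the code only on the registered redirect_uri, prepares the code exchange, and decides when to use the refresh_token. Assumptions not stated on the page: the endpoint URL is a placeholder, the `Api-key` and `Authorization: Bearer` header forms are assumed, and the `state`, `grant_type`, `expires_in` fields and the `redirect_uri` in the exchange follow RFC 6749/6750.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder endpoint: the page does not give the authorization server URL.
AUTH_URL = "https://auth.example.invalid/oauth2/auth"
REFRESH_TTL = 30 * 24 * 3600  # refresh_token is valid for 30 days (from the page)

def authorization_url(client_id, redirect_uri):
    """Step 1: URL the user's browser is sent to. Returns (url, state)."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value per RFC 6749 (assumption)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTH_URL}?{query}", state

def code_from_callback(callback_url, redirect_uri, expected_state):
    """Step 2: take the code only from a callback on the registered redirect_uri."""
    got, reg = urlparse(callback_url), urlparse(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (reg.scheme, reg.netloc, reg.path):
        raise ValueError("callback does not match registered redirect_uri")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no code in callback")
    return params["code"][0]

def token_request(code, client_id, client_secret, redirect_uri, api_key):
    """Step 3: form body and headers for the code exchange (built, not sent)."""
    body = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
    return body, {"Api-key": api_key}  # header name is an assumption

def next_action(tokens, now=None):
    """Last steps: use the access_token, refresh it, or send the user back to step 1."""
    now = time.time() if now is None else now
    if now < tokens["issued_at"] + tokens["expires_in"]:
        return "use", {"Authorization": "Bearer " + tokens["access_token"]}
    if now < tokens["issued_at"] + REFRESH_TTL:
        return "refresh", {"grant_type": "refresh_token",
                           "refresh_token": tokens["refresh_token"]}
    return "reauthorize", None
```

Keep client_secret and both tokens on the server side only; the browser should never see more than the code and state.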
The authorization process requires users to provide their credentials themselves. It is also very important to make it possible to authorize each individual user.