Resources available in the Trans.eu API are secured, which means that each request must be authorized and include an access_token in the request header.

To obtain authorization, the end user must grant the application permission to use their data.

To make this process as easy as possible, the Trans.eu API supports the OAuth 2.0 protocol.

The existing implementation supports the authorization code and resource owner password credentials grant types. Client credentials are available only for registered applications.


Entry requirements

Each API authorization request must consist of:

  1. Active user account credentials (TransId and password)
  2. Valid client credentials (client_id and client_secret)

To obtain client credentials, please fill out the application registration form available here.

A user account can be created using the company registration form.


Example of authorization flow

Description of authorization flow with required and received data:

  1. Redirection to the authorization server, where the user posts credentials directly to the authentication form.
    1. Required parameters: response_type, client_id, redirection_uri
    2. Response: code
  2. Return to the address given as redirection_uri, with an additional code parameter
  3. The code has to be sent back to the authorization server from the same location as redirection_uri, using the same client_id
    1. Required parameters: code, client_id, client_secret
    2. Response: access_token, refresh_token
  4. Retrieving access_token and refresh_token
  5. The request header contains a valid access_token
  6. After the access_token expires, a new pair of tokens can be retrieved without user involvement using the refresh_token
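
The flow above from the client's side, as an added example that is not part of the original documentation or Trans.eu's own code: it builds the step 1 redirect, validates the step 2 callback before accepting the code, and prepares the data for steps 3, 5 and 6. The endpoint URL, client values, the `state` parameter (RFC 6749), the Bearer header scheme (RFC 6750) and the `expires_in` field are assumptions not stated on this page.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): the page gives no endpoint URLs or client values.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/auth"
REDIRECTION_URI = "https://app.example.invalid/callback"
CLIENT_ID = "example-client-id"  # constructed value

def build_authorization_url(state):
    """Step 1: parameters named on the page, plus RFC 6749 'state' (assumption)."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirection_uri": REDIRECTION_URI,
        "state": state,  # random per-session value, checked again on the callback
    })
    return f"{AUTHORIZE_URL}?{query}"

def extract_code(callback_url, expected_state):
    """Step 2: accept the code only on the registered redirection_uri."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECTION_URI:
        raise ValueError("callback does not match redirection_uri")
    params = parse_qs(parts.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, client_secret):
    """Step 3: form body with the three parameters the page lists."""
    return {"code": code, "client_id": CLIENT_ID, "client_secret": client_secret}

def authorization_header(access_token):
    """Step 5: the page only says 'request header'; Bearer is an assumption."""
    return {"Authorization": f"Bearer {access_token}"}

def needs_refresh(obtained_at, expires_in, now, skew=30):
    """Step 6: refresh shortly before expiry; expires_in is an assumed field."""
    return now >= obtained_at + expires_in - skew
```

Keep client_secret and refresh_token on the server side only; the browser should never see more than the redirect and the one-time code.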

Important

In the authorization process, users must provide their credentials themselves. It is also very important to make it possible for each individual user to authorize.